Firefox 45 Browser Fixes 40 Holes
Monday, March 14, 2016 @ 03:03 PM gHale
Mozilla’s latest version of the Firefox browser has security fixes for 40 vulnerabilities, 22 labeled critical.
Firefox 45 includes 21 security advisories, including nine critical bulletins.
The majority of the bugs were in the Graphite 2 font processing library. Fourteen bugs were in one advisory alone, among them heap buffer overflow read and write problems, uninitialized memory errors and out-of-bounds write errors.
Combine that vulnerability with the out-of-bounds write with a malicious font, and there could be an exploitable crash.
The update also resolves a number of use-after-free vulnerabilities during XML transformations, as well as when a user is running multiple WebRTC data channels.
The same kind of vulnerability was also in the Service Worker Manager platform, the HTML function SetBody and HTML5 string parser functions.
Another critical vulnerability fixed within Firefox 45 is a heap-based buffer overflow in the way Network Security Services (NSS) libraries parsed certain ASN.1 structures. Mozilla also mitigated a number of memory corruption bugs which could be exploited to run arbitrary code.
Mozilla also provided fixes for less severe security issues, including WebRTC and LibVPX vulnerabilities, use-after-free issues, same-origin policy violations and a memory leak in libstagefright.
Alongside the security fixes, Mozilla also removed features not popular with users. Tab Groups are now gone for users of the Firefox browser on Windows, Mac and Linux, although users can still keep this functionality if they wish through add-ons.