Firefox Re-release Fixes Holes

Monday, October 15, 2012 @ 04:10 PM gHale


Mozilla has released Firefox 16.0.1 to replace Firefox 16, its latest version, after the discovery of vulnerabilities serious enough to force the removal of the just-released open source web browser.

Mozilla first described the problem as one in which a malicious web site could potentially determine the URLs and parameters used, and suggested downgrading to Firefox 15.0.1, despite the bugs fixed in Firefox 16.

Gareth Heyes, an independent security researcher, issued a proof of concept (PoC) which showed Firefox 16 was insecure in its handling of window location variables, allowing an attacker to open a window pointing at some part of another site, wait for that site to redirect the window to a “logged in” page and then retrieve the new location and any associated data. The browser’s “Same Origin” policy should normally prevent access to that location information.
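The check that should stop such a read can be modelled in a few lines. The JavaScript below is an added example, not Mozilla's code or the researcher's PoC: it is a simplified model of the "Same Origin" rule applied to reading another window's location, and every function name and URL in it is hypothetical.

```javascript
// Simplified model of the same-origin check on reading another window's
// location. Not Firefox code: every name and URL here is hypothetical.

// An origin is scheme + host + port; the URL parser normalises default ports.
function originOf(url) {
  return new URL(url).origin;
}

// A window whose URL can change after it is opened, e.g. by a site redirect.
class ModelWindow {
  constructor(url) { this.url = url; }
  navigate(url) { this.url = url; }
}

// Expected behaviour: check on every read, against the window's current URL.
function readLocation(callerUrl, target) {
  if (originOf(callerUrl) !== originOf(target.url)) {
    throw new Error("SecurityError: cross-origin location read denied");
  }
  return target.url;
}

// Flawed behaviour of the kind described above: no origin check on the read.
function readLocationUnchecked(callerUrl, target) {
  return target.url;
}

// Returns the value read, or the string "denied" if the check refused it.
function attempt(reader, callerUrl, target) {
  try { return reader(callerUrl, target); } catch (e) { return "denied"; }
}

function demo() {
  const other = "https://other.example/page";           // constructed caller
  const win = new ModelWindow("https://site.example/"); // constructed target
  win.navigate("https://site.example/account?user=alice"); // site's own redirect
  return {
    unchecked: attempt(readLocationUnchecked, other, win),
    checked: attempt(readLocation, other, win),
    sameSite: attempt(readLocation, "https://site.example:443/home", win),
    otherScheme: attempt(readLocation, "http://site.example/home", win),
  };
}

console.log(demo());
```

Only the same-site caller gets the post-redirect URL from the checked reader; a different host or a different scheme is refused, while the unchecked reader hands the URL and its parameters to any caller.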

According to Mozilla’s advisory though, a similar but separate critical flaw was in Firefox 16, Firefox ESR 10.0.8, SeaMonkey 2.13, Thunderbird 16 and Thunderbird ESR 10.0.8 and earlier, which not only disclosed the location object, but, in Firefox 15 and earlier, had the potential for arbitrary code execution.

Firefox 16.0.1 closes both these holes.

But these were not the only holes fixed in 16.0.1; another security advisory said developers also identified two of the top crashing bugs in the browser engine and these bugs showed signs of having corrupted memory.

Mozilla concluded it could be possible to exploit these holes to execute code. One of the bugs only affected FreeType on mobile devices and ended up fixed in Firefox 16.0.1 for Android, while the other is a WebSockets bug in Firefox 16 only and is not present in Firefox ESR.

Firefox 16.0.1 is rolling out via the Firefox browser’s automatic update system.


