Firefox Releases Security Update

Thursday, June 9, 2016 @ 12:06 PM gHale


An updated Firefox web browser mitigated vulnerabilities with the release of version 47.

One of the critical vulnerabilities is a heap buffer overflow triggered when parsing HTML5 fragments. The issue can lead to an exploitable crash when inserting an HTML fragment into a document.

RELATED STORIES
Google Releases Chrome Update
Security Patches for Chrome 50
Firefox Security Issues Mitigated
XSS Filter Bypass in Edge

Six of the vulnerabilities patched by Firefox developer, Mozilla, ended up rated “high impact.” One of them occurs when a DOM table element created in content editable mode ends up deleted.

Researcher Anton Larsson discovered a pointer lock permission bypass issue an attacker could exploit for persistent denial-of-service (DoS) attacks, and spoofing and clickjacking attacks against the browser’s user interface.

Another high severity flaw was a use-after-free bug resulting in a potentially exploitable crash that could trigger when processing WebGL content.

The Windows version of Firefox suffers from a vulnerability related to the updater. An attacker could exploit this weakness to overwrite arbitrary files and even for privilege escalation if the targeted files are used by high-privileged Windows components.

Another high severity flaw that only affects the Windows version of Firefox is an out-of-bounds write related to the ANGLE graphics library that is used for WebGL content. Exploiting this vulnerability could result in a crash.