Firefox Releases Security Update
Thursday, June 9, 2016 @ 12:06 PM gHale
An updated Firefox web browser mitigated vulnerabilities with the release of version 47.
One of the critical vulnerabilities is a heap buffer overflow triggered when parsing HTML5 fragments. The issue can lead to an exploitable crash when inserting an HTML fragment into a document.
Six of the vulnerabilities patched by Firefox developer, Mozilla, ended up rated “high impact.” One of them occurs when a DOM table element created in content editable mode ends up deleted.
Researcher Anton Larsson discovered a pointer lock permission bypass issue an attacker could exploit for persistent denial-of-service (DoS) attacks, and spoofing and clickjacking attacks against the browser’s user interface.
Another high severity flaw was a use-after-free bug resulting in a potentially exploitable crash that could trigger when processing WebGL content.
The Windows version of Firefox suffers from a vulnerability related to the updater. An attacker could exploit this weakness to overwrite arbitrary files and even for privilege escalation if the targeted files are used by high-privileged Windows components.
Another high severity flaw that only affects the Windows version of Firefox is an out-of-bounds write related to the ANGLE graphics library that is used for WebGL content. Exploiting this vulnerability could result in a crash.