Mozilla Fixes Firefox Security Holes

Thursday, February 6, 2014 @ 04:02 PM gHale


Mozilla fixed 13 security vulnerabilities — including four critical, four high, four moderate and one low-impact flaws — with the release of Firefox 27.

The critical vulnerabilities, which could end up exploited to execute arbitrary code without user interaction, are a use-after-free during image processing, an issue with image decoding in RasterImage, a crash when terminating a web worker running asm.js code, and miscellaneous memory safety hazards.

RELATED STORIES
New Chrome Fixes Memory Bug
Apple Fixes Safari in New OS Release
Password Leakage in Safari
Google Fixes Chrome Hole

The high-impact security holes are a cross-origin information leak through web workers, NSS ticket handling problems, and cloning protected XUL elements with XML Binding Language scopes.

Boris Zbarsky, a Mozilla developer, has identified an inconsistency with the different JavaScript engines in the way they handle “window” objects.

For additional details, click on the vulnerabilities fixed in Firefox 27 security advisories.



Leave a Reply

You must be logged in to post a comment.