Mozilla Ships a More Secure Firefox 24

Friday, September 20, 2013 @ 07:09 PM gHale


Mozilla released its latest open-source Firefox browser update for Android as well as desktop versions for Windows, Mac and Linux operating systems.

The Firefox 24 release is light on new user-facing features and heavy on security fixes, providing 17 security advisories, seven of which Mozilla rated “critical.”

RELATED STORIES
Patched Safari Bug under Attack
Text String Takes Bite Out of Apple
Still a Hack, but Wrong Person
‘Jekyll’ Test Attack Takes Over

Among the critical vulnerabilities Mozilla is fixing in Firefox 24 are a number of memory safety related security issues.

“Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products,” the Mozilla Foundation Security Advisory (MFSA) 2013-76 said.

“Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

There is also a use-after-free flaw with the “select” HTML element. A use-after-free memory error is one where authorized memory is able to end up used by unauthorized elements after it is no longer in use.

Mozilla said in its security advisory that security researcher Scott Bell used Google’s open-source Address Sanitizer tool in order to find the flaw. Google commonly uses Address Sanitizer itself to find use-after-free flaws in its own Chrome browser.



Leave a Reply

You must be logged in to post a comment.