Security Fixes for Firefox 25

Wednesday, October 30, 2013 @ 03:10 PM gHale


Mozilla’s Firefox 25 web browser is now available with 10 security fixes along with the latest improvements.

Five of the issues ended up labeled as critical, which means that attackers could exploit them to run code and install software without user interaction being required.

RELATED STORIES
Browser Security Warnings Effective
Security Holes Fixed in Chrome
Mozilla Ships a More Secure Firefox 24
Patched Safari Bug under Attack

The list of critical vulnerabilities includes use-after-free flaws in HTML document templates and when updating offline cache, and a memory corruption bug with the JavaScript engine when using workers with direct proxies.

Miscellaneous memory safety hazards and use-after-free issues found through ASAN fuzzing were also a part of the fix.

The high-impact security holes include an access violation issue with XSLT and initialized data, and a security bypass of PDF.js via iframes, and a potentially exploitable crash caused when a cycle collected object releases on the wrong thread during image decoding.

Mozilla said users should update their installations to protect themselves against hacker attacks that might leverage these vulnerabilities.



Leave a Reply

You must be logged in to post a comment.