Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser.
One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that may be exploitable under some circumstances.
“Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video playback when certain invalid MP4 video files led to the allocation of a buffer that was too small for the content. This led to a potentially exploitable crash,” the Mozilla advisory says.
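One common way a media parser ends up with a buffer too small for its content is by trusting a size field taken from the file. The C code below is an added example, not code from libstagefright or Mozilla, and it does not reproduce the specific Firefox flaw, whose root cause the advisory does not detail. It parses one ISO base media (MP4) box and uses a single validated length for both the allocation and the copy; the `parse_box`, `struct box` and `box_status` names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Status names are assumptions made for this example. */
enum box_status { BOX_OK = 0, BOX_TRUNCATED, BOX_BAD_SIZE, BOX_NO_MEMORY };

struct box {
    char     type[5];      /* four-character code, NUL-terminated */
    uint8_t *payload;      /* heap copy of the payload, freed by the caller */
    size_t   payload_len;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse the box at the start of buf[0..len); reject sizes the input cannot back. */
enum box_status parse_box(const uint8_t *buf, size_t len, struct box *out) {
    uint64_t size;
    size_t header = 8;
    if (len < 8) return BOX_TRUNCATED;
    size = be32(buf);
    if (size == 1) {                        /* 64-bit largesize follows the type */
        if (len < 16) return BOX_TRUNCATED;
        size = ((uint64_t)be32(buf + 8) << 32) | be32(buf + 12);
        header = 16;
    } else if (size == 0) {                 /* box runs to the end of the input */
        size = len;
    }
    /* size < header would make (size - header) wrap; size > len would over-read. */
    if (size < header) return BOX_BAD_SIZE;
    if (size > len) return BOX_TRUNCATED;
    out->payload_len = (size_t)(size - header);
    out->payload = malloc(out->payload_len ? out->payload_len : 1);
    if (!out->payload) return BOX_NO_MEMORY;
    memcpy(out->payload, buf + header, out->payload_len);  /* same length as allocated */
    memcpy(out->type, buf + 4, 4);
    out->type[4] = '\0';
    return BOX_OK;
}

int main(void) {
    /* Constructed sample: an 'mdat' box declaring a size smaller than its own header. */
    const uint8_t bad[] = {0, 0, 0, 4, 'm', 'd', 'a', 't'};
    struct box b;
    return parse_box(bad, sizeof bad, &b) == BOX_BAD_SIZE ? 0 : 1;
}
```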
Among the other critical bugs patched in this release is a use-after-free vulnerability in the IndexedDB component of the browser.
“Security researcher Paul Bandha used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash,” Mozilla said in its advisory.
Firefox 36 also includes patches for a variety of memory safety vulnerabilities, along with fixes for a number of high-risk vulnerabilities, one of which affects the Mozilla updater function in the browser. The bug could let an attacker load malicious files.
“Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run directly, the updater will load binary DLL format files from the local working directory or from the Windows temporary directories. This occurs when it is run without the Mozilla Maintenance Service on Windows systems. This allowed for possibly malicious DLL files to execute with elevated privileges if a user agrees when a User Account Control (UAC) prompt from Windows is displayed,” the advisory says.
The new browser also includes fixes for a handful of other medium- and low-risk security bugs.