Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution.

Firefox 30 is a relatively minor release of the popular browser, with the most notable change being the addition of a sidebar button that allows users to quickly access social and bookmarking sites. The new release also includes a sidebar that enables users to follow the action of the World Cup as it happens.

Among the security fixes are the five critical vulnerabilities, which include three use-after-free bugs and a buffer overflow. Mozilla’s internal developers also identified a number of memory corruption vulnerabilities that were fixed in Firefox 30.

“Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” the security advisory says.

Here is the complete list of security vulnerabilities repaired in Firefox 30:

MFSA 2014-54 Buffer overflow in Gamepad API

MFSA 2014-53 Buffer overflow in Web Audio Speex resampler

MFSA 2014-52 Use-after-free with SMIL Animation Controller

MFSA 2014-51 Use-after-free in Event Listener Manager

MFSA 2014-50 Clickjacking through cursor invisibility after Flash interaction

MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer

MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

Among the high-impact bugs fixed in this release is a vulnerability that, under some highly specific circumstances, could lead to a clickjacking attack.

“Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded Flash object when used outside of the object. This flaw can be used in combination with an image of the cursor manipulated through JavaScript, leading to clickjacking during interactions with HTML content subsequently. This issue only affects OS X and is not present on Windows or Linux systems,” Mozilla’s advisory said.

Google Patches Flaws in Chrome

Also on Tuesday, Google fixed a handful of vulnerabilities in Chrome 35, including high-risk flaws. The company handed out $2,500 in rewards to researchers, as well. The bugs fixed in the browser include:

[$1000][369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
[$1000][369539] High CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
[$500][369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen of OUSPG.
