Mozilla yesterday released the substantially redesigned version 29 of its Firefox browser. The latest iteration includes fixes for a number of critical and highly rated security vulnerabilities.
Among the five critical vulnerabilities are use-after-free bugs in nsHostResolver, in imgLoader while resizing images, and in the Text Track Manager for HTML videos. The remaining two critically rated patches resolve a privilege escalation vulnerability in the Web notification application programming interface and a variety of memory safety hazards.
Fixes that receive critical ratings apply to vulnerabilities that can be exploited to run attacker code and install software without any user interaction beyond normal browsing behavior.
The update also resolves six less severe, highly rated vulnerabilities. The first could let a debugger bypass XrayWrappers with JavaScript. The second is a cross-site scripting (XSS) bug exploitable while using history navigations. The third is an out-of-bounds write in the Cairo graphics library. The fourth is a buffer overflow when using a non-XBL (XML Binding Language) object as XBL. The fifth resolves Web audio corruption issues. And the sixth closes off a privilege escalation through Mozilla’s maintenance service installer.
Fixes that receive high ratings pertain to vulnerabilities that could be exploited to gather sensitive data from sites in other windows or inject data or code into those sites. These also require no user interaction beyond typical browsing.
The remaining moderately critical patches fix incorrect internationalized domain name (IDNA) matching for wildcard certificates, an address bar suppression problem on Firefox for Android, and an out-of-bounds read while decoding JPG images. These moderately critical vulnerabilities are bugs that would otherwise be highly or even critically rated, but can only be triggered under unlikely circumstances or unusual configurations.
You can read the full patch release notes here.
Mozilla also issued eight fixes for its Thunderbird email client, each of which is referenced above. To be clear though, the critical fixes included the use-after-frees in nsHostResolver and imgLoader, the privilege escalation in the Web notification API, and the various memory hazards. The highly rated bugs are the history XSS, the XBL-related buffer overflow, and the maintenance service installer elevation of privilege bug. The moderately rated bug is the JPEG out-of-bounds read.
Mozilla also issued patches for ESR and SeaMonkey.
In case you were wondering, the special bug bounty program recently launched by Mozilla seeking vulnerabilities in its new certificate verification applies to version 31 of Firefox and is not related to this update.