Mozilla has fixed seven security vulnerabilities in its flagship Firefox browser, including four critical bugs. The fixes are included in Firefox 13, which was released Tuesday.
Firefox 13 will download automatically for most users and be installed once users restart the browser. Among the security flaws fixed in this version of the browser are several severe ones, including a pair of critical buffer overflows and some use after free vulnerabilities. Those problems were discovered by a Google researcher.
“The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable,” the Mozilla advisory says.
Among the other vulnerabilities repaired in Firefox 13 are several memory-safety problems discovered by Mozilla engineers.
“Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla said in the Firefox advisory.
“In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.”
Firefox users should update their browsers as soon as possible to protect themselves against these bugs.