Mozilla Fixes 10 Bugs in Release of Firefox 6

Mozilla has released Firefox 6 through its automatic update mechanism and the new version of the group’s popular browser includes fixes for 10 vulnerabilities, several of them critical flaws that could allow remote code execution.


The new version of Firefox comes just two months after Mozilla released Firefox 5, which included some security upgrades such as Do Not Track functionality. Firefox 6, however, is mostly a cosmetic and functional upgrade that also includes a small truckload of security fixes. The most serious of the vulnerabilities are four memory-safety bugs that Mozilla said could allow a remote attacker to run code on users’ machines.

“Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla said in the security advisory for Firefox 6.

All four of the memory-safety vulnerabilities are rated critical, as are four other flaws, including:

  • Unsigned scripts being able to call a script inside a signed JAR
  • A string crash using WebGL shaders
  • A heap overflow in ANGLE library
  • A crash in SVGTextElement.getCharNumAtPosition()

There also are two other vulnerabilities fixed in Firefox 6 that are rated as high risks. Current Firefox users can get version 6 through the automatic update mechanism in the browser.


Discussion

  • Anonymous on

    Misleading headline. Mozilla fixed more than 10 "bugs". Consider changing this word to vulnerabilities for accuracy.

  • Anonymous on

    That's great. Now they just need to fix the problem of logging into LinkedIn which they don't seem to support?

  • Dave Brast on

    Nice to know that 10 vulnerabilities have been fixed, but the tradeoff is that the add-on for AVG Safe Search is now incompatible with 6.0, and it's impossible to download PDFs from some websites, and at least one website I use will not load completely. I get around this by using Chrome, but then I've lost all the nice functionality of Firefox. Are these problems being worked on, or are we going to wake up someday with a Firefox that is perfectly safe and completely nonfunctional? Of course I'm exaggerating, but you know what I mean.
