Mozilla released the 25th version of its mobile and desktop Firefox browser yesterday, fixing 10 vulnerabilities, five of them critical.
The United States Computer Emergency Readiness Team (US-CERT) warned yesterday the vulnerabilities could let an attacker execute arbitrary code, bypass access restrictions, obtain sensitive information and cause a denial-of-service (DoS) condition.
While not critical, another bug discovered by security researcher Cody Crews was patched that could have let an attacker append an iFrame into an embedded PDF object. The result could have led to the disclosure of local system files and the bypassing of security restrictions.
According to the company’s bug-tracking database Bugzilla, 565 bugs in total were fixed in Firefox 25.0.
While Mozilla’s Thunderbird mail client (24.1) and Seamonkey (2.22) Internet application suite were also updated yesterday, most of the bugs fixed were only at risk of being exploited in the Firefox browser or Firefox “browser-like contexts.” Since scripting is disabled in Thunderbird and Seamonkey, it makes them less likely to be exploited.
Mozilla’s mobile version got an upgrade yesterday as well, bringing some existing security features from the desktop browser to Android devices.
The latest mobile build also supports guest browsing, making it easier for users to lend their device to others without having them have to worry about revealing any sensitive bookmarks or history.
Both guest browsing and mixed content blocking features were introduced in the beta version of the mobile browser back in September but officially went live in the stable version yesterday.