Mozilla released the latest version of its flagship browser this week, Firefox 35, fixing nine vulnerabilities, including three critical bugs that could have led to a crash or sandbox bypass, among other issues.
One of those critical bugs was a sandbox escape discovered by security researcher Nils. Nils, a researcher at MWR InfoSecurity in the U.K., found a way to break out of the Gecko Media Plugin (GMP) sandbox on Windows systems. Combined with another GMP bug, the hole could have let an attacker bypass the sandbox. The sandbox is apparently only used to host H.264 video playback, and the bug only affected Windows systems, sparing OS X and Linux.
The update also remedies a read-after-free bug in WebRTC dug up by researcher Mitchell Harper that stems from the way tracks are handled. This bug could have led to a crash or something the Mozilla Foundation calls incorrect WebRTC behavior. WebRTC is a free API overseen by the World Wide Web Consortium (W3C) that Firefox, along with other browsers like Chrome and Opera, uses to help users communicate with other users. The Skype-like feature Firefox Hello, which uses WebRTC, was first incorporated into Firefox 34 last month.
The last critical bug is really a handful of bugs attributed to a collection of Mozilla developers and community members. The issues, mostly memory safety bugs, “showed evidence of memory corruption under circumstances” according to the advisory issued on Tuesday. Researchers added “with enough effort at least some of these could be exploited to run arbitrary code.”
Several other bugs, like a memory rendering issue that could lead to leaky web content, and vulnerabilities that could have enabled privilege escalation, were also fixed.