Mozilla yesterday released the substantially redesigned version 29 of its Firefox browser. The latest iteration includes fixes for a number of critical and highly rated security vulnerabilities.
Among the five critical vulnerabilities are use-after-free bugs in nsHostResolve, in imgLoader while resizing images, and in the Text Track Manager for HTML videos. The remaining two critically rated patches resolve a privilege escalation vulnerability in the Web notification application programming interface and a variety of memory safety hazards.
Fixes that receive critical ratings apply to vulnerabilities that can be exploited to run attacker code and install software without any user interaction beyond normal browsing behavior.
Fixes that receive high ratings pertain to vulnerabilities that could be exploited to gather sensitive data from sites in other windows or inject data or code into those sites. These also require no user interaction beyond typical browsing.
The remaining moderately critical patches fix incorrect internationalized domain name (IDNA) matching for wildcard certificates, an address bar suppression problem on Firefox for Android, and an out-of-bounds read while decoding JPG images. These moderately critical vulnerabilities are bugs that would otherwise be highly or even critically rated, but can only be triggered under unlikely circumstances or unusual configurations.
You can read the full patch release notes here.
Mozilla also issued eight fixes for its Thunderbird email client, each of which is referenced above. To be clear though, the critical fixes included the use-after-frees in nsHostResolve and imgLoader, the privilege escalation in the Web notification API, and the various memory hazards. The highly rated bugs are the history XSS, the XBL-related buffer overflow, and the maintenance service installer elevation of privilege bug. The moderately rated bug is the JPEG out-of-bounds read.
In case you were wondering, the special bug bounty program recently launched by Mozilla seeking vulnerabilities in its new certificate verification applies to version 31 of Firefox and is not related to this update.