security firefox_patch4

Published on January 28th, 2016 | 895 views Post Views

Mozilla Patches Critical Vulnerabilities in Firefox 44

Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week.

The most serious flaws were memory vulnerabilities that lived in both the public and extended support versions of the browser.

A buffer overflow (write) in WebGL, the browser’s Web graphics library, was patched. WebGL is a JavaScript API that renders 3D and 2D graphics in the browser without the need for a plug-in. Mozilla said the vulnerability was discovered in the buffersubdata method of the API.

Mozilla also addressed several “memory safety bugs” in the engine used in Firefox and other Mozilla products.

“Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla said in its advisory.

Mozilla said the flaws cannot be exploited through Thunderbird where scripting is disabled, but cautioned against the risk in “browser-like contexts.”

Three other memory-related bugs were patched in Firefox 44. The vulnerabilities were found in the ANGLE graphics library, and in Firefox’s handling of zip files and parsing of the libstagefright library.

“The first two issues do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them,” Mozilla said in its advisory. “The libstagefright issue could potentially be triggered by a malicious MP4 format video file, allowing for arbitrary code execution.”


Mozilla also patched vulnerabilities it rated “high severity” in Firefox 44, including two that facilitate address bar spoofing, and another set of issues in the browser’s Network Security Services that can introduce cryptographic weaknesses, the advisory said.

Share on Facebook0Share on Google+0Tweet about this on TwitterShare on Reddit0Email this to someonePrint this pageShare on StumbleUpon0Digg thisPin on Pinterest0Share on LinkedIn0

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑

You Might Also Like:
Radare – The Reverse Engineering Framework

Radare started out as a simple command line interface for a hexadecimal editor supporting 64 bit offsets to make searches...