Several vulnerabilities, some critical, addressed in Firefox 36

Firefox 36 was released on Tuesday and a number of vulnerabilities have been addressed, including a few that are deemed critical.

A buffer overflow in ‘libstagefright’ during MP4 video playback was considered critical because it could lead to a potentially exploitable crash, and a use-after-free in IndexedDB was also deemed critical because it, too, could lead to a potentially exploitable crash, according to a post.

Mozilla also addressed several critical memory safety bugs that, under certain circumstances, could be exploited to run arbitrary code, the post noted.

The remaining vulnerabilities are considered to be high, moderate, or low in impact. Some of the high impact bugs include a buffer underflow during MP3 playback, an out-of-bounds read and write while rendering SVG content, and a double-free when using non-default memory allocators with a zero-length XHR.




Via: scmagazine

Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *