Mozilla Releases Firefox 47, Addressing Plentiful Vulnerabilities in its Browser

Mozilla, this week, released Firefox 47 the latest version of Firefox, patching thirteen security flaws among which 2 are critical because if exploited they could result in click-jacking and spoofing in addition to other problems.

In an advisory by Mozilla issued on Tuesday, one security flaw is buffer overflow flaw capable of leading to potential crash. Security Researcher who calls himself Firehack says the overflow was capable of popping up if user's Web-browser performed parsing of HTML5 pieces within an external context. And by inserting a piece into any file already existing, the Web-browser could potentially crash.

Named CVE-2016-2815 and CVE-2016-28199, these two critical vulnerabilities are because of the company's engineers themselves, the discoverers of different situations wherein browser engine of Firefox 47 didn't perform as intended.

Mozilla's team elaborates, a few of these flaws indicated that there were memory corruption incidences within particular circumstances, while it was assumed that by putting sufficient effort a few of these flaws, if not all, were exploitable for random code execution. Softpedia.com posted this, June 8, 2016.

The Firefox browser had an additional eleven vulnerabilities that Mozilla patched. These vulnerabilities comprised holes with which data could be disclosed via CSS vulnerabilities, utilize-after-free flaws; Java applets could evade security safeguards such as CSP; files overwritten and address bar hoaxed; and escalation of admin rights enabled via Windows updater of Mozilla.

A hole among those mentioned above impacted Windows having WebGL shader via a graphics library called ANGLE, while resulted in memory write of out-of-bounds. Another of the holes too impacted WebGL while enabled memory access easily to malicious parties following collapse of WebGL performances.

There were 4 medium-level and 2 low-level vulnerabilities that the Firefox researchers patched. The company advises users for making their browser up-to-date at the earliest. This they need doing by either updating to Firefox 47 or by taking down new Firefox software obtainable through Softpedia for computers running Windows, Mac, or Linux.

The new update of Firefox introduces to the browser some aesthetic changes too such as one sidebar to enhance synced tabs, enriched YouTube playback, and several web platform alterations.

» SPAMfighter News - 6/16/2016