14 various security holes have been fixed in the latest release

Jul 18, 2012 08:20 GMT

Firefox 14 has been officially released. Besides the improvements made in the features department, Mozilla also made sure to address a number of vulnerabilities that may have allowed a malicious hacker to cause some severe damage.

A total of 14 security holes have been patched up, 5 of which are catalogued as being critical. One of them is a code execution vulnerability.

“The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are executed in such a sandbox with insufficient context that can allow those scripts to escape from the sandbox and run with elevated privilege,” reads the description of the flaw.

Security researcher Bill Keese has found a memory corruption issue that can lead to an exploitable crash. The problem is caused by a JSDependentString::undepend string conversion.

A vulnerability that could result in untrusted content having access to the XML Binding Language that implements browser functionality has been identified by Bobby Holley of Mozilla.

By using the Address Sanitizer tool, Google researcher Abhishek Arya identified a couple of use-after-free bugs, a bad cast, and an out-of-bounds read issue. If left unaddressed, they could have all been exploited.

The last critical security hole refers to a number of memory hazards identified by Mozilla developers.

The high-severity problems fixed in Firefox 14 include a data leakage bug caused by errors in the implementation of the Content Security Policy 1.0, and a cross-site scripting vulnerability through the context menu using a data: URL.

A spoofing issue in the location property and the improper filtering of JavaScript in the HTML feed view have also been fixed.

The rest of the addressed issues, catalogued as being moderate, can be leveraged only in non-default configurations and require the victim to perform a number of uncommon operations.

Firefox for Windows is available for download here.
Firefox for Mac is available for download here.
Firefox for Linux is available for download here.
Firefox for Android is available for download here.