New build patches more than 16 vulnerabilities

Feb 25, 2015 00:39 GMT  ·  By

Mozilla released version 36 of the Firefox web browser on Tuesday. The build continues the phase-out of 1024-bit RSA certificates and integrates security fixes spanning the entire range of severity levels.

The developer dealt with two low-severity flaws, six vulnerabilities presenting a moderate risk and six rated high severity, in addition to the critical issues described below.

Critical vulnerabilities

The new build patches 17 security advisories in total (two low, six moderate, six high, three critical); one of the three critical entries bundles a set of ten memory safety bugs.

The memory safety bugs were discovered by Mozilla developers as well as community members, some of whom also contributed fixes.

Security researcher Paul Bandha reported a use-after-free vulnerability in the browser that leads to a potentially exploitable crash. It is triggered when specific web content uses the IndexedDB interface to create an index.

Another critical vulnerability fixed in Firefox 36 is a buffer overflow in the “libstagefright” library, triggered when an invalid MP4 video is played: the malformed file causes the library to allocate a buffer that is too small for the content, and the resulting overflow leads to a crash that an attacker could exploit.
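To show the bug class behind the libstagefright fix (a buffer sized from one length field while the copy is driven by another), here is an added example that is not Mozilla's or libstagefright's code. It is a constructed parser for a simplified MP4-style table payload laid out as a big-endian entry count followed by that many 32-bit entries; the vulnerable pattern is shown beside a hardened version that rejects any payload whose declared count disagrees with the bytes actually present. The payload layout, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example, not libstagefright code. A simplified MP4-style table
 * payload: a big-endian u32 entry count followed by that many u32 entries.
 * The bug class: the buffer is sized from the declared count, but the copy is
 * sized from the payload length, so a file carrying more entries than it
 * declares writes past the end of the heap allocation. */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* VULNERABLE pattern: allocation and copy driven by different length sources.
 * Shown for contrast only; never feed it untrusted input. */
uint32_t *parse_table_unsafe(const uint8_t *payload, size_t payload_len,
                             uint32_t *count_out)
{
    uint32_t count = be32(payload);                       /* taken from the file */
    uint32_t *table = malloc((size_t)count * sizeof(uint32_t));
    if (table == NULL)
        return NULL;
    size_t present = (payload_len - 4) / 4;               /* taken from the box length */
    for (size_t i = 0; i < present; i++)                  /* overflows when present > count */
        table[i] = be32(payload + 4 + 4 * i);
    *count_out = count;
    return table;
}

/* HARDENED: the declared count must match the bytes actually present. The
 * attacker-controlled count is never multiplied, so there is no integer
 * overflow to reason about either. */
uint32_t *parse_table_safe(const uint8_t *payload, size_t payload_len,
                           uint32_t *count_out)
{
    if (payload_len < 4 || (payload_len - 4) % 4 != 0)
        return NULL;                                      /* truncated or ragged payload */
    uint32_t count = be32(payload);
    if (count != (payload_len - 4) / 4)
        return NULL;                                      /* count/length mismatch */
    /* malloc(0) may legally return NULL, so request at least one byte */
    uint32_t *table = malloc(count ? (size_t)count * sizeof(uint32_t) : 1);
    if (table == NULL)
        return NULL;
    for (uint32_t i = 0; i < count; i++)
        table[i] = be32(payload + 4 + 4 * (size_t)i);
    *count_out = count;
    return table;
}

/* Constructed sample payloads. GOOD declares 2 entries and carries 2;
 * BAD declares 1 entry but carries 3 (the overflow case for the unsafe parser). */
static const uint8_t GOOD[] = {0,0,0,2, 0,0,0,0x10, 0,0,0,0x20};
static const uint8_t BAD[]  = {0,0,0,1, 0,0,0,0x10, 0,0,0,0x20, 0,0,0,0x30};

/* Returns 1 if the hardened parser accepts the payload with the expected
 * count and entries matching the bytes, 0 if it rejects it. */
int safe_parser_accepts(const uint8_t *payload, size_t payload_len,
                        uint32_t expected_count)
{
    uint32_t n = 0;
    uint32_t *t = parse_table_safe(payload, payload_len, &n);
    if (t == NULL)
        return 0;
    int ok = (n == expected_count);
    for (uint32_t i = 0; ok && i < n; i++)
        ok = (t[i] == be32(payload + 4 + 4 * (size_t)i));
    free(t);
    return ok;
}

int main(void)
{
    printf("well-formed payload accepted: %d\n", safe_parser_accepts(GOOD, sizeof GOOD, 2));
    printf("mismatched payload accepted:  %d\n", safe_parser_accepts(BAD, sizeof BAD, 1));
    return 0;
}
```

The hardened parser fails closed on any disagreement between the two length sources rather than trusting either one; the same rule (one authoritative length, checked against the bytes that are actually there before anything is allocated or copied) is what closes this class of bug in any container or codec parser.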

High severity risks

Among the high-severity issues is one that allowed an attacker to read a user-readable file stored at a known local path. Exploitation required user interaction and relied on manipulating the form autocomplete feature; the local file is never displayed, but its contents are exposed to the page through the Document Object Model (DOM).

A security researcher found that the browser's update component loaded DLL files from the local working directory or from the Windows temporary directories (Linux and OS X are not affected). A DLL planted there could thus run with the updater's privileges, posing the risk of a malicious file “to execute with elevated privileges if a user agrees when a User Account Control (UAC) prompt from Windows is displayed.”

Mozilla developers also removed an out-of-bounds read and write that occurred when an improperly formatted SVG image was rendered; it could allow an attacker to read uninitialized memory.

Another flaw fixed in this release is a buffer underflow triggered when a malformed MP3 audio file is played. Successful exploitation causes parts of Firefox's memory to be copied into the decoded MP3 stream, where scripts on a malicious page can read it.

The full list of security issues fixed in Firefox 36 is available on Mozilla's security advisories page.