Multiple errors affecting memory have been removed

Oct 15, 2014 14:22 GMT

A new version of Mozilla Firefox is currently available, delivering a slew of performance and usability improvements, as well as security patches that address vulnerabilities in the browser ranging from moderate to critical severity.

The security advisory page for Firefox 33 lists three critical bugs, although one is a cumulative entry that includes multiple memory safety issues, some of which can lead to memory corruption and are believed to be exploitable to execute arbitrary code on the affected machine.

Mozilla disclosed a critical out-of-bounds write vulnerability that occurs when buffering WebM video containing frames with invalid tile sizes. The discovery is credited to Abhishek Arya from the Google Chrome security team, who found it using the Address Sanitizer tool.

Although the vulnerability affects both Firefox and the Thunderbird email client, the company says that “in general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled.”

Another severe bug is a use-after-free flaw that occurs during text layout when it interacts with text direction, leading to possible execution of arbitrary code.

Flaws marked as having a “high” impact include access to cross-origin objects through the Alarms API, Web Audio memory corruption issues, a buffer overflow when CSS is manipulated, and continuous use of uninitialized memory during repeated rendering of a malformed GIF.