A total of 18 security holes have been addressed with the latest release

Mar 19, 2014 08:52 GMT

Firefox 28 is available for download. In addition to some new features and bug fixes, Mozilla has also addressed a number of security holes, including the ones disclosed by researchers at Pwn2Own 2014.

A total of 18 security issues have been fixed. Five of them are critical, three of them are high-impact, seven are moderate-impact, and three are minor security vulnerabilities.

All of the flaws presented at Pwn2Own are considered critical. They’ve been identified by Mariusz Mlynski, VUPEN, George Hotz (geohot) and Jüri Aedla.

Mlynski managed to execute arbitrary code in Firefox by loading a JavaScript URL executed with full privileges of the web browser.

For this, he leveraged a couple of bugs: one that allowed untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(), and one that allowed the pop-up blocker to be bypassed without any user interaction.

Aedla has managed to execute code by exploiting security holes leading to out-of-bounds reads and writes into the JavaScript heap. He accomplished this after discovering that “TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use.”

An exploitable use-after-free issue was identified by VUPEN. Experts found that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine.

Hotz has executed arbitrary code by causing an exploitable crash after leveraging an issue where values are copied from an array into a second, neutered array, which allows an out-of-bounds write into memory.
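
The neutered-buffer conditions behind the Aedla and Hotz findings above can be checked on any current runtime, where "neutered" buffers are called detached. The following JavaScript is an added example, not code from Mozilla or the researchers; the function names are hypothetical and it assumes a runtime that provides `structuredClone` with a transfer list (current browsers, Node.js 17 or later).

```javascript
// Added example: checks that a JavaScript runtime handles detached ("neutered")
// ArrayBuffers safely. All function names are hypothetical, not Mozilla code.

// Detach a buffer by transferring ownership; the original becomes zero-length.
function detach(buffer) {
  return structuredClone(buffer, { transfer: [buffer] });
}

// True if fn throws a TypeError, which is what a safe engine does when asked
// to operate on a view whose backing store is gone.
function throwsTypeError(fn) {
  try {
    fn();
  } catch (e) {
    return e instanceof TypeError;
  }
  return false;
}

function checkDetachedBufferHandling() {
  const buffer = new ArrayBuffer(16);        // constructed sample data
  const bytes = new Uint8Array(buffer);      // views created while attached,
  const doubles = new Float64Array(buffer);  // so they outlive the detach
  const dataView = new DataView(buffer);
  bytes.fill(0x41);

  const moved = detach(buffer); // buffer is now neutered; the views still exist

  bytes[3] = 0xff; // an indexed write into a neutered view must be a no-op
  return {
    bufferLengthZero: buffer.byteLength === 0,
    viewLengthsZero: bytes.length === 0 && doubles.length === 0,
    indexedReadUndefined: bytes[3] === undefined && doubles[1] === undefined,
    // Copying from a live array into the neutered one must be rejected.
    bulkCopyRejected: throwsTypeError(() => bytes.set(new Uint8Array([1, 2, 3, 4]))),
    dataViewReadRejected: throwsTypeError(() => dataView.getUint8(0)),
    // The data lives only in the transferred buffer and is intact there.
    dataMovedIntact: new Uint8Array(moved).every((b) => b === 0x41),
  };
}

const report = checkDetachedBufferHandling();
for (const [name, ok] of Object.entries(report)) {
  console.log(`${ok ? "PASS" : "FAIL"} ${name}`);
}
```

Any FAIL line means the runtime still lets a stale view reach memory it no longer owns.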

These vulnerabilities impact not only Firefox, but also SeaMonkey and Thunderbird.

The fifth critical vulnerability fixed with the release of Firefox 28 is described as “miscellaneous memory safety hazards.”

The high-impact security holes are an information disclosure in SVG filters through feDisplacementMap, an information disclosure through polygon rendering in MathML, and an out-of-bounds read during WAV file decoding.

Google fixed the vulnerabilities presented at Pwn2Own 2014 shortly after the hacking competition ended. It appears that Mozilla didn’t want to wait too much either. It remains to be seen when Microsoft will address the Internet Explorer security holes exploited by experts at Pwn2Own.

Firefox users are advised to update their installations as soon as possible to protect their computers against potential cyberattacks. You can download the latest versions of Firefox for all platforms from Softpedia.
