Severe-risk flaws identified in code inspection

Jul 3, 2015 10:25 GMT  ·  By

Mozilla rolled out a new stable version of the Firefox browser, which addresses 13 security issues, 4 of them covering a total of 13 vulnerabilities rated as critical.

Firefox 39 was expected a few days ago, but developers had to postpone the release to the wider audience because of a startup crash caused by a library bundled with some add-ons for the browser.

Most glitches found during code inspection

Seven of the critical vulnerabilities were reported by security researcher Ronald Crane, who found them through code inspection. They involve use of uninitialized memory, poor validation that could lead to an exploitable crash, reading of unowned memory when handling ZIP archives, and buffer overflows.

The developers say that no mechanism has been identified by which web content could trigger them, but if one were found the risk would be serious.

A batch of three vulnerabilities causing memory safety hazards has been uncovered by Mozilla developers.

“Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” reads Mozilla’s security advisory.

Use-after-free problems solved

Two further bugs were discovered by security researcher Looben Yan using the AddressSanitizer tool. Both are use-after-free vulnerabilities, and they are related.

Triggering them is possible when using the XMLHttpRequest JavaScript object together with shared or dedicated workers. The result is an exploitable crash occurring when the object attached to the worker is improperly deleted while still in use.

Last on the list of critical flaws is another use-after-free vulnerability: the Content Policy mechanism changes the DOM (Document Object Model) to remove an object that, because of a bug in the microtask implementation, is still in use afterwards, the advisory said.

The flaw is currently identified as CVE-2015-2731 and it can lead to an exploitable crash. Credited for its discovery is a security researcher known as Herre.
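Both the XMLHttpRequest/worker bugs and the Content Policy bug above share one failure mode: one part of the browser deletes an object that another part is still using. The usual defence for shared native objects is reference counting, so that deletion happens only when the last holder lets go. The following C program is an added illustration of that pattern, written for this article; it is not Firefox code, and the `Request` type, the "owner" and "worker" roles and the sample URL are all hypothetical. The unprotected variant of the same scenario (the worker dereferencing a pointer the owner already freed) is exactly what AddressSanitizer reports as a heap-use-after-free when the program is built with `-fsanitize=address`, which is how such bugs are typically found during fuzzing and testing.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not Mozilla code): a reference-counted request object
 * shared between a "main thread" owner and a "worker". Each holder takes
 * its own reference, so releasing the object on one side cannot leave the
 * other side with a dangling pointer. */

static int g_live_objects = 0;   /* constructed counter: how many objects exist */

typedef struct Request {
    int refcount;
    char url[64];
    int bytes_seen;
} Request;

static Request *request_new(const char *url) {
    Request *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    r->refcount = 1;            /* the creator holds the first reference */
    strncpy(r->url, url, sizeof r->url - 1);
    g_live_objects++;
    return r;
}

/* Every holder that keeps a pointer must take its own reference. */
static Request *request_addref(Request *r) {
    r->refcount++;
    return r;
}

/* Returns true only when this release actually freed the object. */
static bool request_release(Request *r) {
    assert(r->refcount > 0);    /* releasing with no live reference is a bug */
    if (--r->refcount == 0) {
        g_live_objects--;
        free(r);
        return true;
    }
    return false;
}

/* Simulated worker: holds its own reference for as long as it touches the object. */
static int worker_run(Request *worker_ref) {
    int processed = 0;
    for (int i = 0; i < 5; i++) {
        worker_ref->bytes_seen += 100;   /* safe even after the owner released */
        processed++;
    }
    return processed;
}

/* Scenario: the owner creates the request, hands a reference to the worker,
 * then drops its own reference before the worker is done. Returns the
 * worker's final bytes_seen, or -1 if the object died while still in use. */
static int run_scenario(void) {
    Request *owner_ref = request_new("https://example.invalid/resource"); /* constructed URL */
    if (!owner_ref) return -1;
    Request *worker_ref = request_addref(owner_ref);

    bool freed_early = request_release(owner_ref);  /* owner gone; worker still holds a ref */
    owner_ref = NULL;
    if (freed_early) return -1;                     /* would have been a use-after-free */

    worker_run(worker_ref);
    int seen = worker_ref->bytes_seen;
    bool freed_now = request_release(worker_ref);   /* last reference: the real free */
    worker_ref = NULL;
    return freed_now ? seen : -1;
}

/* Objects still alive after a scenario; 0 means nothing leaked. */
static int live_objects(void) {
    return g_live_objects;
}

int main(void) {
    int seen = run_scenario();
    printf("bytes seen by worker: %d\n", seen);
    printf("live objects afterwards: %d\n", live_objects());
    return 0;
}
```

The point of `run_scenario` is the ordering: the owner's release comes first, and the worker keeps working on a valid object anyway because it took its own reference. Removing the `request_addref` call turns the owner's release into a real free and the worker's loop into a use-after-free, which is the class of bug fixed in Firefox 39.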