Fixes addressed in HTML5 and WebGL processing

Jun 8, 2016 10:26 GMT

Along with the addition of new features, Firefox 47, which was released yesterday, also addresses 14 security issues, of which Mozilla engineers labeled three as critical vulnerabilities.

All fixes are for the Firefox stable version 47.0 and Firefox ESR (Extended Support Release) 45.2, the core Firefox engine that other products embed in their offerings.

Firefox 47 fixes HTML5 exploitation point

The first critical issue (CVE-2016-2819) is a buffer overflow in how the browser processes HTML5 fragments via the SVG tag.

The HTML5 standard allows developers to declare small portions of a Web page as HTML5 fragments. Researcher firehack discovered that he could insert such fragments inside SVG code and crash the browser in an unsafe manner, a condition that can be exploited to run arbitrary code on the user's system.

The second and third critical issues (CVE-2016-2815; CVE-2016-28199) were the work of Mozilla's own engineers, who discovered various situations in which the Firefox 47 browser engine did not behave as expected.

"Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the Mozilla team has explained today.

High severity bugs fixed in WebGL, Fullscreen mode, and the browser updater

Mozilla engineers also fixed four high-severity security bugs, the second-highest level in the Foundation's severity scale for security bugs.

One of these bugs affected WebGL shaders on Windows, via the ANGLE graphics library, and led to an out-of-bounds memory write. The second also affected WebGL and, after WebGL operations crashed, left memory easily accessible to malicious parties.

The third was an issue affecting the Mozilla updater on Windows. Independent security researcher Frédéric Hoguin discovered that the updater was not locking downloaded files, which allowed other apps to inject into or overwrite Mozilla updates while they were being downloaded. Since the updater can be invoked by Windows components running with higher privileges, malware could use it to escalate its privileges on the machine.
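The updater flaw described above, as an added example that is not from the article or from Mozilla's code: a simulation of the vulnerable download-then-apply sequence beside a hardened one that keeps the file handle open, downloads into a private directory, and verifies the vendor's published digest on the very bytes it is about to apply. The payload, digest, file names and the `tamper` helper are constructed for the example; the Windows exclusive file lock the advisory concerns is approximated here portably with a 0700 directory plus digest verification.

```python
import hashlib
import os
import stat
import tempfile

# Constructed sample: the update payload the updater downloads and the digest
# the vendor would publish for it (both made up for this example).
GOOD_UPDATE = b"firefox-47.0-update-payload"
GOOD_DIGEST = hashlib.sha256(GOOD_UPDATE).hexdigest()


def tamper(path: str, data: bytes) -> None:
    """Stands in for another process rewriting the file in the window between
    download and apply, the window the unlocked updater file left open."""
    with open(path, "wb") as f:
        f.write(data)


def unsafe_apply(attacker=None) -> bytes:
    """Vulnerable pattern: write the download, drop the handle, and later re-open
    the file by path from the privileged step, trusting whatever is there now."""
    path = os.path.join(tempfile.mkdtemp(), "update.mar")
    with open(path, "wb") as f:
        f.write(GOOD_UPDATE)
    if attacker:
        attacker(path)           # file is unlocked and unverified here
    with open(path, "rb") as f:  # privileged apply reads a possibly swapped file
        return f.read()


def hardened_apply(attacker=None) -> bytes:
    """Hardened pattern: private directory (0700), O_EXCL create, one handle kept
    open from download to apply, and the digest checked on bytes read from that
    same handle. A mismatch refuses to apply instead of trusting the file."""
    priv = tempfile.mkdtemp()
    os.chmod(priv, stat.S_IRWXU)  # other users cannot reach the download
    path = os.path.join(priv, "update.mar")
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, GOOD_UPDATE)
        if attacker:
            attacker(path)       # same-user tampering is still caught below
        os.lseek(fd, 0, os.SEEK_SET)
        data = os.read(fd, 1 << 20)
        if hashlib.sha256(data).hexdigest() != GOOD_DIGEST:
            raise ValueError("update digest mismatch; refusing to apply")
        return data
    finally:
        os.close(fd)
```

The point the test makes is that the privileged step must verify the bytes it actually applies, on the handle it holds, rather than re-trusting a path another process could have rewritten.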

The fourth and final high-severity issue allows a denial-of-service (DoS) attack that forces users to close their browser, but also lets crooks carry out mouse-spoofing and clickjacking attacks. Researcher Anton Larsson discovered that it occurs when the user is in fullscreen mode and enters a pointer-lock state (in which the mouse cursor is hidden or locked).

The Firefox team also fixed four medium-severity security bugs and two low-severity bugs. Users are advised to update their browser as soon as possible, either via the built-in updater or by downloading a fresh Firefox copy from Softpedia for Linux, Mac, and Windows. A list of all fixed issues is available below.

Full Firefox 47 Security Fixes