Five of the vulnerabilities have been rated critical

Apr 30, 2014 13:45 GMT

Firefox 29 is available for download. In addition to the visual enhancements, numerous security issues have been fixed with the latest release of Mozilla’s web browser. 

A total of 14 vulnerabilities have been addressed. Five of them are critical, six are high and three are moderate. No low-impact flaws have been fixed this time.

The list of critical-impact security holes includes a use-after-free in nsHostResolver, a use-after-free in imgLoader when resizing images, a privilege escalation issue through the Web Notifications API, a use-after-free in the Text Track Manager for HTML video, and various memory safety hazards.

Tyson Smith, Jesse Schwartzentruber, Nils, Mariusz Mlynski, and Abhishek Arya have been credited for identifying and reporting the flaws. The memory safety hazards have been identified by Mozilla’s internal security team.

The high-impact vulnerabilities are an XSS affecting history navigations, an out-of-bounds write bug in Cairo, a buffer overflow when using a non-XBL object as XBL, memory corruption issues in Web Audio, and privilege escalation through the Mozilla Maintenance Service Installer.

In addition, Mozilla’s Boris Zbarsky found that the debugger will work with some objects while bypassing XrayWrappers, leading to privilege escalation under certain circumstances.

Additional details on the vulnerabilities are available on Mozilla’s Security Advisories page. You can download Firefox for Windows, Mac and Linux from Softpedia.