14 DAY TRIAL // On Tuesday, Mozilla released version 30 of its Firefox browser that included a total of seven security fixes, five of them being marked as critical, and the other two labelled as having a high security impact.
Out of the five critical vulnerabilities, three of them would allow an attacker to cause a potentially exploitable crash by taking advantage of flaws with SMIL Animation Controller (use-after-free when rendering malformed web content), in Web Audio Speex resampler (buffer overflow when audio content exceeds expected bounds) and in Event Listener Manager (use-after-free triggered by web content).
The set of critical issues repaired in Mozilla Firefox 30 also refers to memory safety bugs present in the browser engine that is also used by the Thunderbird email client.
Although a method to exploit them has not been devised, the developer believes that in certain circumstances at least a part of them could enable an attacker to run arbitrary code on the user machine.
Among the flaws with a high security impact, there is a buffer overflow in the Gamepad API that could lead to an exploitable crash. The vulnerability would occur in conjunction with a gamepad with non-contiguous axes, either a physical or a virtual device.
Another security fix addresses an event that can make the mouse cursor invisible after interaction with an embedded flash object and then use it outside said object.
The prevalent risk in such a situation is clickjacking. This problem is not present in Windows and Linux and affects only OS X users.
Download Mozilla Firefox for Windows
Download Mozilla Firefox for Linux
Download Mozilla Firefox for Mac OS X