Firefox fixes Libstagefright bug, similar to Android

Jan 27, 2016 18:00 GMT

Besides bringing Push notifications, the recently released Firefox 44 Web browser also fixed 12 security issues, with three labeled as critical and two as high.

One of the critical-severity issues Mozilla fixed was a buffer overflow vulnerability in libstagefright, the same multimedia-handling library found in Android, where it was the cause of the famous Stagefright bugs that affected around 1 billion devices.

According to Mozilla's description, attackers could exploit this vulnerability by tricking the user into accessing a malicious MP4 video file, which would then allow the attacker to execute arbitrary code in the user's browser, compromising the application and even the operating system, if the attacker is skilled enough to do so.

Firefox devs also removed a second buffer overflow issue in the WebGL engine. This bug could only be used to crash the browser and, unlike the one above, did not allow remote code execution.

The third critical-level vulnerability was a series of memory hazard issues, which the dev team quickly patched in both Firefox 44 and Firefox ESR 38.6.

Firefox 44 dropped RC4 support

Besides security fixes, Mozilla also kept a promise it made in September last year and officially removed support for the RC4 cipher. Other browsers like Internet Explorer, Edge, and Chrome are also expected to drop RC4 in upcoming versions.

Firefox also announced it would use an SHA-256 signing certificate for its Windows builds, to meet new signing requirements put in place by Microsoft last year, when the Redmond company also dropped support for some root certificates for the same reason.

And since we mentioned root certificates, Mozilla also announced it would be dropping two CAs from its browser. These are a 1024-bit root certificate issued by the Equifax Secure Certificate Authority and the certificates issued by UTN - DATACorp SGC.