This week Mozilla addressed 3 critical security vulnerabilities in the release of Firefox 35 this week. Firefox 35 also includes some interesting new features such asa cross-platform video chat service called Firefox Hello and new social sharing features. You can now make free video and voice calls from your Web browser, with no account or account setup required.
Hello Chat can be obtained as a standalone program that can be installed other browsers.
Gecko Media Plugin (GMP) Sandbox Bugs
The released fixes a bug that allows an attacker to escape or bypass the GMP sandbox on Windows system if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process. The GMP sandbox is only used to host h.264 video playback using the OpenH264 plugin, but could host other other media plugins in the future.
This issue only affects Windows systems.
In addition, a patch was included to address a mechanism to break out of the Gecko Media Plugin (GMP) sandbox on Windows systems. This bug would allow an attacker to escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process.
This bugs only affects Windows systems.
Read-after-free in WebRTC
A fix is included for a read-after-free vulnerability in WebRTC due to the way tracks are handled. This results in a either a potentially exploitable crash or incorrect WebRTC behavior.
Comodo offers a Firefox based browser, Comodo Icedragon that includes enhanced security and privacy features.