Mozilla has released its latest security updates for the Firefox browser and Thunderbird email client. The updates fix numerous vulnerability issues, some that an attacker could use to produce an exploitable crash or execute arbitrary code.
There are 3 critical security updates in this release that resolve vulnerabilities in Firefox and Thunderbird:
MFSA 2014-72: Fixes a use-after-free vulnerability during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.
MFSA 2014-68: Fixes a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to a potentially exploitable crash.
MFSA 2014-67: Fixes several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption that could be exploited to run arbitrary code.
Unless a user has turned off automatic updates, the latest security updates will be delivered to most users automatically online. Users who have turned off automatic updates can use the “Check for Updates…” feature on the Help menu.
The following updates are available:
- Firefox 32
- Firefox ESR 24.8
- Firefox ESR 31.1
- Thunderbird 31.1
- Thunderbird 24.8
Comodo offers its own free to download Firefox based browser, the Comodo IceDragon. It includes unique security and privacy enhancements not found in any other browser.