K. Joseph Breheny
content writer
  • pc security
1 Star2 Stars3 Stars4 Stars5 Stars

Mozilla Releases Critical Security Updates for FireFox, Thunderbird

Security updates released this week by Mozilla include security fixes for numerous vulnerabilities in Firefox, Firefox ESR, and Thunderbird. These include three critical security updates for vulnerabilities that a remote attacker could exploit to obtain sensitive information or execute arbitrary code on the user’s system.

Security Updates for FireFox

Updates available include:

  • Firefox 36
  • Firefox ESR 31.5
  • Thunderbird 31.5

There are 3 critical fixes:
Firefox 36: Fixes a buffer overflow in the libstagefright library during video playback where invalid MP4 video files could result in allocation of a buffer that was too small for the content, that could result in an potentially exploitable crash.

Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Fixes a use-after-free vulnerability when running specific web content with IndexedDB to create an index, potentially resulting in an exploitable crash.

Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Several memory safety bugs are fixed in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption that could be exploited to run arbitrary code.

Other high severity issues addressed in these updates include:

  • Ability to use autocomplete to obtain user information from readable files stored in known local locations.
  • Potential for attackers to use Firefox to execute malware through its update facility
  • Ability for scripts to access browser memory using malicious MP3s.

Comodo IceDragon

Comodo offers a Firefox based browser, Comodo Icedragon that includes enhanced security and privacy features.


Stay in the loop

Sign up to our cyber security newsletter