
Security updates released this week by Mozilla include security fixes for numerous vulnerabilities in Firefox, Firefox ESR, and Thunderbird. These include three critical security updates for vulnerabilities that a remote attacker could exploit to obtain sensitive information or execute arbitrary code on the user’s system.

Security Updates for Firefox

Updates available include:

  • Firefox 36
  • Firefox ESR 31.5
  • Thunderbird 31.5

There are 3 critical fixes:

Firefox 36: Fixes a buffer overflow in the libstagefright library during video playback, where invalid MP4 video files could cause allocation of a buffer that was too small for the content, resulting in a potentially exploitable crash.

Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Fixes a use-after-free vulnerability when running specific web content with IndexedDB to create an index, potentially resulting in an exploitable crash.

Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Several memory safety bugs are fixed in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption that could be exploited to run arbitrary code.

Other high severity issues addressed in these updates include:

  • Ability to use autocomplete to obtain user information from readable files stored in known local locations.
  • Potential for attackers to use Firefox to execute malware through its update facility.
  • Ability for scripts to access browser memory using malicious MP3s.

Comodo IceDragon

Comodo offers a Firefox-based browser, Comodo IceDragon, that includes enhanced security and privacy features.