Mozilla Releases Critical Security Updates for FireFox, Thunderbird

February 26, 2015 | By K. Joseph Breheny
1 Star2 Stars3 Stars4 Stars5 Stars
Loading...

Security updates released this week by Mozilla include security fixes for numerous vulnerabilities in Firefox, Firefox ESR, and Thunderbird. These include three critical security updates for vulnerabilities that a remote attacker could exploit to obtain sensitive information or execute arbitrary code on the user’s system.

Security Updates for FireFox

Updates available include:

  • Firefox 36
  • Firefox ESR 31.5
  • Thunderbird 31.5

There are 3 critical fixes:
Firefox 36: Fixes a buffer overflow in the libstagefright library during video playback where invalid MP4 video files could result in allocation of a buffer that was too small for the content, that could result in an potentially exploitable crash.

Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Fixes a use-after-free vulnerability when running specific web content with IndexedDB to create an index, potentially resulting in an exploitable crash.

Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Several memory safety bugs are fixed in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption that could be exploited to run arbitrary code.

Other high severity issues addressed in these updates include:

  • Ability to use autocomplete to obtain user information from readable files stored in known local locations.
  • Potential for attackers to use Firefox to execute malware through its update facility
  • Ability for scripts to access browser memory using malicious MP3s.

Comodo IceDragon

Comodo offers a Firefox based browser, Comodo Icedragon that includes enhanced security and privacy features.

Be Sociable, Share!

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>