Reading Time: 1 minute
Security updates released this week by Mozilla include security fixes for numerous vulnerabilities in Firefox, Firefox ESR, and Thunderbird. These include three critical security updates for vulnerabilities that a remote attacker could exploit to obtain sensitive information or execute arbitrary code on the user’s system.
Updates available include:
- Firefox 36
- Firefox ESR 31.5
- Thunderbird 31.5
There are 3 critical fixes:
Firefox 36: Fixes a buffer overflow in the libstagefright library during video playback where invalid MP4 video files could result in allocation of a buffer that was too small for the content, that could result in an potentially exploitable crash.
Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Fixes a use-after-free vulnerability when running specific web content with IndexedDB to create an index, potentially resulting in an exploitable crash.
Fixed in Firefox 36, Firefox ESR 31.5 and Thunderbird 31.5: Several memory safety bugs are fixed in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption that could be exploited to run arbitrary code.
Other high severity issues addressed in these updates include:
- Ability to use autocomplete to obtain user information from readable files stored in known local locations.
- Potential for attackers to use Firefox to execute malware through its update facility
- Ability for scripts to access browser memory using malicious MP3s.
Comodo IceDragon
Comodo offers a Firefox based browser, Comodo Icedragon that includes enhanced security and privacy features.
START FREE TRIAL GET YOUR INSTANT SECURITY SCORECARD FOR FREE
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoAiStream. Web3 Data Intelligence. Knowledge Amplified. Access Here.
- Minting the Future w Adryenn Ashley. Access Here.
- Buy and Sell Shares in PRE-IPO Companies with PREIPO®. Access Here.
- Source: https://blog.comodo.com/pc-security/mozzilla-releases-critical-security-updates-firefox-thunderbird/
- :where
- a
- access
- allocation
- an
- and
- ARE
- available
- based
- BE
- Blog
- browser
- browsers
- buffer
- buffer overflow
- bugs
- by
- click
- code
- content
- Corruption
- could
- Crash
- create
- critical
- download
- during
- Engine
- enhanced
- Event
- evidence
- execute
- Exploit
- exploited
- Features
- Files
- Firefox
- fixed
- For
- Free
- from
- get
- High
- http
- HTTPS
- in
- include
- includes
- index
- information
- instant
- issues
- ITS
- jpg
- known
- Library
- local
- locations
- malware
- max-width
- Memory
- Mozilla
- numerous
- obtain
- of
- Offers
- on
- or
- Other
- plato
- Plato Data Intelligence
- PlatoData
- potentially
- privacy
- Products
- released
- Releases
- remote
- result
- resulting
- Run
- running
- Safety
- scorecard
- scripts
- security
- send
- sensitive
- several
- showed
- small
- some
- specific
- stored
- system
- that
- The
- These
- this
- this week
- three
- Through
- time
- to
- too
- Update
- Updates
- use
- use-after-free
- used
- User
- Video
- Vulnerabilities
- vulnerability
- was
- web
- week
- when
- with
- Your
- zephyrnet