Saturday, February 8, 2014

Firefox 27 fixes 13 security holes

Mozilla has addressed a total of 13 security vulnerabilities with the release of Firefox 27. The list includes four critical, four high, four moderate and one low-impact flaws. The critical vulnerabilities, which can be exploited to execute arbitrary code without user interaction, are a use-after-free during image processing, an issue with image decoding in RasterImage, a crash when terminating a web worker running asm.js code, and miscellaneous memory safety hazards. The high-impact security holes are a cross-origin information leak through web workers, NSS ticket handling problems, and cloning protected XUL elements with XML Binding Language scopes. Boris Zbarsky, a Mozilla developer, has identified an inconsistency with the different JavaScript engines in the way they handle "window" objects. For additional details on the vulnerabilities fixed in Firefox 27, check out the vendor security advisories. <more>

No comments: