Firefox 35 patches CRITICAL flaws

Last Tuesday, Mozilla rolled out Firefox 35 addressing various vulnerabilities along with some new features. Out of NINE flaws, THREE of them are rated CRITICAL by the company. One critical security flaw is related to Gecko Media Plugin (GMP) sandbox escape targeting windows platform - addressed under CVE-2014-8643, Mozilla credits MWR Labs researcher Nils for the vulnerability. GMP is used to host h.264 video playback using the OpenH264. Second critical vulnerability was reported by researcher Mitchell Harper - related to read-after-free in WebRTC and covered under (CVE-2014-8641). CVE-2014-8634 and CVE-2014-8635 also addresses critical security flaws in the browser engine, identified by Mozilla developers. <more>