Wednesday, April 8, 2015

New Firefox 37 rectifies security flaws

Latest version of open-source web browser Mozilla Firefox 37 is available for download and eliminates several critical security flaws present in prior versions. Not only security fixes this time but also Firefox gets a new feature 'OneCRL' which is responsible for improved revocation of invalid certificates used for validating and securing the connection to an authorized host. According to company's classification - a CRITICAL flaw is the one that allows arbitrary code execution without human intervention. Critical fixes cover under CVE-2015-0803, CVE-2015-0804 and CVE-2015-0813 - all are related to use-after-free issues allowing users to execute arbitrary code or crash vulnerable application. Two memory corruption errors are also reported by Abhishek Arya of Google Chrome Security Team and covered under CVE-2015-0805 and CVE-2015-0806 related to 2D graphics rendering. Besides security updates, OneCRL gives the developer an opportunity to update the list of revoked certificates without pushing a new Firefox update. <more>

No comments: