Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade

Misc memory hazards 'could be exploited' - and guess what, one's a JavaScript vuln

Mozilla has released a bug-and-security update for Firefox, with 11 security fixes, three of them critical.

Chief among the security patches is a use-after-free bug the organisation says was discovered by one James Kitchener. From the advisory: “Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash”.

Other “miscellaneous memory safety hazards” were discovered in the browser engine. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code”, the advisory notes.

The other critical bug is in the Cesium JavaScript library. Crafted WebGL content could be used by a remote attacker to execute arbitrary code on the target system.

There are two Web Audio fixes: one use-after-free memory error leading to a potentially exploitable crash, and one buffer overflow “because of an error in the amount of allocated memory for buffers”.

The full list of vulnerabilities is available from Mozilla, and users are advised to update to the latest version of Firefox (31) and Thunderbird (31) - although most of the bugs can't be exploited in Thunderbird. ®
