Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Mozilla has released a bug-and-security update for Firefox, with 11 security fixes, three of them critical.
Chief among the security patches is a use-after-free bug the organisation says was discovered by one James Kitchener. From the advisory: “Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash”.
Other “miscellaneous memory safety hazards” were discovered in the browser engine. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code”, the advisory notes.
There are two Web Audio fixes, one use-after-free memory error leading to a potentially-exploitable crash, and one buffer overflow “because of an error in the the amount of allocated memory for buffers”.
The full list of vulnerabilities is here, and users are advised to update to the latest version of Firefox (31) and Thunderbird (31) - although most of the bugs can't be exploited in Thunderbird. ®