Mozilla releases Firefox 27, addressing four critical vulnerabilities

Mozilla plugs nine vulnerabilities ranked "critical" in its web browser.

Mozilla Firefox 27, released on Tuesday, includes 13 patches, four of which address critical vulnerabilities.

Of the critical flaws, one involves a crash when using web workers with asm.js, one involves use-after-free with imgRequestProxy and image processing, another involves incorrect use of discarded images by RasterImage, and the final one involves miscellaneous memory safety hazards, according to a security advisory.

Mozilla defines critical flaws as vulnerabilities that can be used to run attacker code and install software, requiring no interaction by users other than regular browsing.

“In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts,” according to a note posted in the description for each of the four critical vulnerabilities.

In email correspondence, Wolfgang Kandek, CTO of Qualys, told SCMagazine.com that the attacks deemed critical could allow an attacker to take over a targeted computer.

“Attacks of this type usually come through a website that the attacker controls, either itself a victim of the attacker that counts on the site's normal visitors to fall prey to the attack, or specifically set up for the task and then using ‘Search Engine Poisoning’ to attract visitors to the site,” Kandek said.
