In its latest Firefox browser release, Mozilla this week fixed two critical vulnerabilities – a buffer overflow hazard and a set of memory safety hazards – plus 11 other security holes ranging from low to high in severity.
Discovered by the security researcher “firehack,” the buffer overflow issue (CVE-2016-2819) would occur while parsing HTML5 fragments in a foreign context such as under an SVG (Scalable Vector Graphics) node. According to Mozilla in its security advisory, inserting an HTML fragment into an existing document can trigger a “potentially exploitable crash.”
The other severe flaw was described as miscellaneous memory safety hazards (CVE-2016-2818 and CVE-2016-2815) found in Firefox and its Extended Support Release. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla wrote.
Among the vulnerabilities patched in Firefox 47 that had a high level of severity was a bug that under certain circumstances created a pointerlock without user permission. This pointerlock could not be cancelled without terminating the browser, thus resulting in a persistent denial of service attack. Another was a flaw whereby the Mozilla Windows updater could be used to overwrite arbitrary files, which could have led to an unauthorized privilege escalation.
Other high severity flaws that were addressed included an out-of-bounds write when using the ANGLE graphics library for WebGL (Web Graphics Library) content, and two use-after-free vulnerabilities, a type of memory corruption flaw in which a program continues to access and reuse memory after it has been freed, which an attacker can potentially exploit.