Firefox 29 fixes several critical flaws, including memory safety bugs

Mozilla rolled out Firefox 29 on Tuesday, a huge overhaul that addresses 15 security vulnerabilities, six of which are deemed critical, meaning the bugs could be used to run attack code and install software with no user interaction aside from normal browsing.

The critical vulnerabilities included three use-after-free bugs in nsHostResolver, imgLoader, and Text Track Manager for HTML video; a privilege escalation issue through the Web Notification API; and two memory safety flaws in the browser engine and other Mozilla-based products, an advisory from the company said.

Of note, the memory safety bugs (CVE-2014-1518 and CVE-2014-1519) could allow remote attackers to launch denial-of-service attacks against users, or execute arbitrary code through "unknown vectors," the company warned.
