On Tuesday, Mozilla introduced Firefox 31 to users, remediating several vulnerabilities in the popular web browser with 11 patches.
Software bugs addressed include four critical vulnerabilities – one (CVE-2014-1556), which could allow remote attackers to execute malicious code through “crafted WebGL content constructed with the Cesium JavaScript library,” and another, a use-after-free flaw (CVE-2014-1551) in DirectWrite font handling, which could also lead to remote code execution. Two critical, memory safety bugs (CVE-2014-1547 and CVE-2014-1548) in Firefox's browser engine were also addressed, a security advisory from Mozilla said.
The Firefox 31 update also included five patches for vulnerabilities ranked “high,” primarily, user-after-free bugs, and two patches for “moderate” vulnerabilities (an IFRAME sandboxing issue and SSL certificate parsing concern). A toolbar dialog customization event spoofing issue, ranked “low” in priority, was also plugged with the browser release.