
Firefox 31 plugs critical memory safety bugs

On Tuesday, Mozilla introduced Firefox 31 to users, remediating several vulnerabilities in the popular web browser with 11 patches.

The fixes address four critical vulnerabilities. One (CVE-2014-1556) could allow remote attackers to execute malicious code through “crafted WebGL content constructed with the Cesium JavaScript library,” and another, a use-after-free flaw (CVE-2014-1551) in DirectWrite font handling, could also lead to remote code execution. Two critical memory safety bugs (CVE-2014-1547 and CVE-2014-1548) in Firefox's browser engine were also addressed, a security advisory from Mozilla said.

The Firefox 31 update also included five patches for vulnerabilities ranked “high,” primarily use-after-free bugs, and two patches for “moderate” vulnerabilities (an IFRAME sandboxing issue and an SSL certificate parsing concern). A toolbar dialog customization event spoofing issue, ranked “low” in priority, was also plugged with the browser release.
