Patch Management

Firefox 31 plugs critical memory safety bugs

July 23, 2014

On Tuesday, Mozilla introduced Firefox 31 to users, remediating several vulnerabilities in the popular web browser with 11 patches.

Software bugs addressed include four critical vulnerabilities: one (CVE-2014-1556) that could allow remote attackers to execute malicious code through “crafted WebGL content constructed with the Cesium JavaScript library,” and another, a use-after-free flaw (CVE-2014-1551) in DirectWrite font handling, which could also lead to remote code execution. Two critical memory safety bugs (CVE-2014-1547 and CVE-2014-1548) in Firefox's browser engine were also addressed, a security advisory from Mozilla said.

The Firefox 31 update also included five patches for vulnerabilities ranked “high,” primarily use-after-free bugs, and two patches for “moderate” vulnerabilities (an IFRAME sandboxing issue and an SSL certificate parsing concern). A toolbar dialog customization event spoofing issue, ranked “low” in priority, was also plugged with the browser release.
