
Several vulnerabilities, some critical, addressed in Firefox 36

Firefox 36 was released on Tuesday, addressing a number of vulnerabilities, including a few that are deemed critical.

A buffer overflow in 'libstagefright' during MP4 video playback and a use-after-free in IndexedDB were both deemed critical because each could lead to a potentially exploitable crash, according to a post.

Mozilla also addressed several critical memory safety bugs that, under certain circumstances, could be exploited to run arbitrary code, the post noted.

The remaining vulnerabilities are considered to be high, moderate, or low in impact. The high-impact bugs include a buffer underflow during MP3 playback, an out-of-bounds read and write while rendering SVG content, and a double-free when using non-default memory allocators with a zero-length XHR.
