Mozilla released 10 security advisories affecting its Firefox open-source web browser. One is critical, four are high and five are moderate.
The critical advisory was for miscellaneous memory safety hazards. While patched, some flaws revealed evidence of memory corruption under certain circumstances. With enough effort, the developers said, attackers could exploit them to run arbitrary code.
A rating of high was issued for a bug in the Firefox Health Report, which is open to contributions of events from any content document present in the remote-report iframe. The presence of another flaw could allow the injection of web content into its iframe, which could then alter a user's preferences.
Arbitrary code execution via JavaScript was also rated high, as was a bug in Using Address Sanitizer. Here a buffer overflow in the libstagefright library could lead to an exploitable crash initiated via web content.
