Patch/Configuration Management, Vulnerability Management

Firefox 38 fixes a number of vulnerabilities, several deemed critical

Firefox 38 was released on Tuesday and comes with fixes for a number of security vulnerabilities.

Among the critical bugs that were addressed are a buffer overflow when parsing compressed XML, a use-after-free during text processing when vertical text is enabled, and a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page, according to a Tuesday post. All aforementioned vulnerabilities could lead to a potentially exploitable crash.

An out-of-bounds read and write in asm.js during JavaScript validation was deemed critical because it could lead to a potentially exploitable crash and could allow for the reading of random memory, which could contain sensitive data, the post stated.

Critical miscellaneous memory safety hazards were also addressed, as well as a variety of other high, moderate and low impact vulnerabilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.