Patch/Configuration Management, Vulnerability Management

Several vulnerabilities addressed in Firefox 35, some deemed critical

Mozilla released Firefox 35 on Tuesday, and it comes with fixes for numerous vulnerabilities, a few of which are deemed critical.

Security researcher Nils is credited with discovering a critical ‘Gecko Media Plugin (GMP) sandbox escape' vulnerability that could enable an attacker to “escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process,” according to an advisory.

Mitchell Harper, a security researcher, is credited with discovering a critical ‘read-after-free in WebRTC' that, if exploited, could result in a “potentially exploitable crash or incorrect WebRTC,” an advisory indicates.

Mozilla also addressed miscellaneous memory safety hazards that are deemed critical. An advisory notes that some of the vulnerabilities “showed evidence of memory corruption under certain circumstances,” and states that some bugs could presumably be exploited to run arbitrary code.

The single high impact vulnerability is an ‘uninitialized memory use during bitmap rendering' reported by Google security researcher Michal Zalewski, according to an advisory. The bug could possibly enable data to leak to web content.

The remaining vulnerabilities – deemed moderate or low impact – include one bug that could potentially enable privilege escalation, and another flaw that can possibly enable a cross-site request forgery attack from malicious websites.

In the December 2014 release of Firefox 34, Mozilla dropped support for SSL 3.0 entirely in order to protect users from its inherent vulnerabilities, Chad Weiner, director of product management for Firefox, told SCMagazine.com at the time.

Disabling support for SSL 3.0 addresses POODLE, a severe vulnerability in SSL 3.0 that was discovered by Google researchers in October and could enable an attacker to intercept plaintext data from secure connections. Fallback to SSL 3.0 was removed in Chrome 39 in November 2014, and will be disabled completely in Chrome 40.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.