
Firefox 23 patches five critical bugs, adds feature to block MitM attacks


Mozilla has announced new security features and bug fixes for its Firefox browser users.

With the release of Firefox 23 on Tuesday, the company patched five critical bugs in the browser, including two memory safety flaws that could allow a remote attacker to execute arbitrary code or cause a denial-of-service attack resulting in memory corruption and an application crash.

Other critical flaws that were fixed included a buffer underflow issue that occurred when generating certificate request message format (CRMF) requests, and another CRMF request bug that could allow a saboteur to execute malicious code or carry out cross-site scripting (XSS) attacks.

Mozilla also addressed a critical use-after-free problem that occurred when the document object model (DOM) was modified during a SetBody mutation event, which could lead to an exploitable crash.

Firefox 23 also brings a host of browser functionality changes for users, namely a new “mixed content blocking” feature introduced to block man-in-the-middle (MitM) attacks and potential “eavesdroppers on HTTPS pages,” release notes from Mozilla said.

The browser feature would enhance security by blocking certain content by default, like scripts or images on HTTPS pages. Users would be able to disable the feature on a page-by-page basis.
