Firefox 39 released recently,and soon the latest version of Mozilla’s web browser addresses two-dozen vulnerabilities, including several issues that have been rated as critical.
The list of critical flaws includes two related use-after-free vulnerabilities. The bugs, discovered using the Address Sanitizer tool occur when the XMLHttpRequest object is used in concert with shared or dedicated workers. This results in a crash that can be exploited, Mozilla said.
Another critical use-after-free bug that leads to an exploitable crash occurs when a Content Policy modifies the Document Object Model (DOM) to remove a DOM object.
A total of seven vulnerabilities is being identified by security researcher Ronald Crane have also been rated “critical.” The expert reported three uninitialized memory issues, two buffer overflows, a bug related to unowned memory in ZIP files, and a poor validation issue.
Mozilla developers and members of the community identified three critical memory safety bugs in the browser engine.
The high severity issues fixed by Mozilla with the release of Firefox 39 are privilege escalation vulnerability in the PDF.js PDF file viewer, and a type confusion flaw in the Indexed Database Manager.
Several of the medium severity bugs resolved in Firefox 39 are related to cryptography, including the recently disclosed Logjam vulnerability. The crypto bugs have been fixed in Network Security Services (NSS) version 3.19.1.