Firefox 39 Out With Patches for Four Critical Vulnerabilities

[RV_]

Firefox 39 just released. Since the updates are now known they can be exploited in anyone that has not updated. That could be a day, an hour or a week.

 

Excerpt:

 

"Mozilla has rolled out a new version of its Firefox browser, an update that includes patches for four critical security vulnerabilities and several less-severe bugs.

 

IN all, Firefox 39 patches 13 vulnerabilities, including two high-risk bugs and six moderate-level ones. The most dangerous vulnerabilities, however, include a pair of use-after-free bugs in one part of the browser and another in a separate component, as well as a number of memory corruption flaws.

 

“Security researcher Looben Yan used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These errors occur when the XMLHttpRequest object is attached to a worker but that object is incorrectly deleted while still in use. This results in exploitable crashes,” the Mozilla advisory says.

 

The other use-after-free flaw is in the Content Policy component of Firefox."

 

See the rest of the details in the full article at: https://threatpost.com/firefox-39-out-with-patches-for-four-critical-vulnerabilities/113686#sthash.hDMXtjzT.dpuf