Jump to content

Firefox 39 Out With Patches for Four Critical Vulnerabilities


RV_

Recommended Posts

Firefox 39 just released. Since the updates are now known they can be exploited in anyone that has not updated. That could be a day, an hour or a week.

 

Excerpt:

 

"Mozilla has rolled out a new version of its Firefox browser, an update that includes patches for four critical security vulnerabilities and several less-severe bugs.

 

IN all, Firefox 39 patches 13 vulnerabilities, including two high-risk bugs and six moderate-level ones. The most dangerous vulnerabilities, however, include a pair of use-after-free bugs in one part of the browser and another in a separate component, as well as a number of memory corruption flaws.

 

“Security researcher Looben Yan used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These errors occur when the XMLHttpRequest object is attached to a worker but that object is incorrectly deleted while still in use. This results in exploitable crashes,” the Mozilla advisory says.

 

The other use-after-free flaw is in the Content Policy component of Firefox."

 

See the rest of the details in the full article at: https://threatpost.com/firefox-39-out-with-patches-for-four-critical-vulnerabilities/113686#sthash.hDMXtjzT.dpuf

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
×
×
  • Create New...