Mozilla has patched 15 bugs in its Firefox browser five of which were deemed critical and could be exploited by an attacker to run malicious code and install software requiring no user interaction.
Firefox 25 addresses critical issues including use-after-free vulnerabilities, a memory corruption issue in JavaScript engine, and several memory safety bugs.
Of note, patch MFSA 2013-93 plugged memory safety bugs that could potentially allow an attacker to run code of their choosing, Mozilla warned.
“Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products,” the patch advisory said. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”
Bugs posing a “moderate” and “high” threat to users were fixed with the remaining five patches in the release. The fixes addressed a number of issues, including a security bypass vulnerability that could lead to information disclosure of local system files and an issue that could be exploited to spoof displayed address bars, leading to clickjacking attacks.
“Clickjacking” is a hacker method used to reroute traffic to websites and online advertisements of the attackers' choosing.
_(20).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
