Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution.
Firefox 30 is a relatively minor release of the popular browser, with the most notable change being the addition of a sidebar button that allows users to quickly access social and bookmarking sites. The new release also includes a sidebar that enables users to follow the action of the World Cup as it happens.
Among the security fixes are the five critical vulnerabilities, which include three use-after-free bugs and a buffer overflow. Mozilla’s internal developers also identified a number of memory corruption vulnerabilities that were fixed in Firefox 30.
“Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” the security advisory says.
Here is the complete list of security vulnerabilities repaired in Firefox 30:
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Among the high-impact bugs fixed in this release is a vulnerability that, under some highly specific circumstances, could lead to a clickjacking attack.
Google Patches Flaws in Chrome
Also on Tuesday, Google fixed a handful of vulnerabilities in Chrome 35, including high-risk flaws. The company handed out $2,500 in rewards to researchers, as well. The bugs fixed in the browser include:
[$1000] High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
[$1000] High CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
[$500] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen of OUSPG.