Firefox 38 has patched eight vulnerabilities varying in severity from low to high, plus five other critical issues. Some of the exposed bugs might have been exploited for the execution of arbitrary code if they were not discovered in time. The issues could have been associated with privilege escalation, bypassing origin restrictions, Android privacy violations, and memory corruption.
Memory Corruption Possible If Bugs Are Exploited
The developer who addressed the vulnerabilities is Ucha Gobejishvili, who has been advising Mozilla on security-related issues. He also eliminated other bugs that could end in memory corruption. According to Mozilla researchers, any attacker who makes just a little effort could exploit the bugs to run arbitrary code.
Most of the disclosed issues that are already fixed could lead to a crash condition of the browser. Most of the vulnerabilities were identified with the help of the Address Sanitizer tool that is mostly employed to reveal memory corruption bugs.
Firefox38 to Add DRM
Researchers have added that the update also includes the integration with Adobe Content Decryption Module (CDM). CDM allows playing DRM-wrapped content in the HTML5 video tag.
The addition of CDM may be categorized as user-friendly since users will have the chance to access premium video content, for instance, Netflix videos.
The CDM is run in a sandbox that does not permit interaction with sensitive parts of both the system and the browser. The option to remove the described component is also given to the user.