Firefoxの 38 has patched eight vulnerabilities varying in severity from low to high, plus five other critical issues. Some of the exposed bugs might have been exploited for the execution of arbitrary code if they were not discovered in time. The issues could have been associated with privilege escalation, bypassing origin restrictions, Android privacy violations, and memory corruption.
One of the most severe problems in Firefoxの 38 concerned an out-of-bounds read and write bug. The glitch was present in the JavaScript subset ‘asm.js’ and it could be traced back to an error in defining the heap lengths. An eventual exploitation could result in reading bits of the memory containing sensitive details.
Memory Corruption Possible If Bugs Are Exploited
The developer who addressed the vulnerabilities is Ucha Gobejishvili, who has been advising Mozilla on security-related issues. He also eliminated other bugs that could end in memory corruption. According to Mozilla researchers, any attacker who makes just a little effort could exploit the bugs to run arbitrary code.
Most of the disclosed issues that are already fixed could lead to a crash condition of the browser. Most of the vulnerabilities were identified with the help of the Address Sanitizer tool that is mostly employed to reveal memory corruption bugs.
Firefox38 to Add DRM
Researchers have added that the update also includes the integration with Adobe Content Decryption Module (CDM). CDM allows playing DRM-wrapped content in the HTML5 video tag.
The addition of CDM may be categorized as user-friendly since users will have the chance to access premium video content, 例えば, Netflix videos.
The CDM is run in a sandbox that does not permit interaction with sensitive parts of both the system and the browser. The option to remove the described component is also given to the user.