A new patch for Firefox browser version 39 has been released these days by Mozilla. The update fixes four critical vulnerabilities and several less severe.
Mozilla security advisory presented 13 fixes for Firefox 39. The corporation grades the impact keys on four levels- critical, high, moderate and low. The list of all 13 fixes includes four critical, two high, six moderate and one vulnerability with low impact key. Mozilla security advisory shows that security issues relate to poor validation processes, use-after-free vulnerabilities, a variety of memory problems and buffer overflow problems.
Two of four critical vulnerabilities are the use-after-free type. XMLHttpRequest’s works by using established communication channel between a Web page’s client-side and server-side. When XMLHttpRequest works in collaboration with either shared or dedicated workers, errors can occur to object hooked up to a worker as that object is false deleted while still in use. This, in turn, can conduct to exploitable crashes.
The next critical vulnerability (CVE-2015-2731) occurs when a Content Policy varies Document Object Model that lead to a removal of DOM object. An exploitable browser crash can befall from an error in microtask implementation.
The last critical vulnerability (CVE-2015-2726) gives a permission to remote attackers to cause memory corruption and application crash (denial of service) or in some way execute arbitrary code by way of unknown vectors.
Less Critical Vulnerabilities
More to it than that, Mozilla have discovered seven other vulnerabilities, which were directly code-related to the web browser. Three of them we found to use memory that was not initialized. One of those weaknesses related to poor validation process that lead to a crash. This crash was a direct opportunity for potential exploiting. One vulnerability had something to do with free memory in archived files. Two more weaknesses revealed buffer overflow opportunities.Such bugs cannot cause damage to the system during online browsing process. However, Mozilla experts say, that if there were to be a system, made against them, the outcome may be negative in several ways.