Firefox 3.6.14 is Out, Fixes Security and Stability Issues
The other day we were reporting that Mozilla rolled out the 12th Beta version of Firefox 4 to Windows, Mac OS X and Linux fans. What’s interesting about Firefox 4 Beta 12 is that it is the last Beta in the release cycle; there will not be a Firefox 4 Beta 13, but there will be a Firefox 4 RC (Release Candidate). Can hardly wait.
Today we have to report that Mozilla released an update for Firefox 3.6. On the first day of spring, the 1st of March, Mozilla rolled out Firefox 3.6.14. Users are well advised to get this update because it fixes several stability and security issues. If you didn’t receive an automatic update prompt you can manually trigger the update by clocking Help -> Check for updates, or by downloading Firefox 3.6.14 in your language here.
Firefox 3.6.14 comes accompanied by 10 security advisories, out of which 1 is rated moderate, 1 is rated high, and the remaining 8 are rated critical. The critical rating is given to vulnerabilities that could be exploited by someone with malicious intent to run attacker code and install software on a targeted machine with no interaction from the user, beyond normal browsing of course.
Here are the details Mozilla made public on the security vulnerabilities that accompany Firefox 3.6.14 – just the critical ones:
Title: MFSA 2011-09 Crash caused by corrupted JPEG image
Description: A JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Jordi Chancel.
Title: MFSA 2011-07 Memory corruption during text run construction (Windows)
Description: When very long strings were constructed and inserted into an HTML document, the browser would incorrectly construct the layout objects used to display the text. Under such conditions an incorrect length would be calculated for a text run resulting in too small of a memory buffer being allocated to store the text. This issue could be used by an attacker to write data past the end of the buffer and execute malicious code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Alex Miller.
Title: MFSA 2011-06 Use-after-free error using Web Workers
Description: a JavaScript Worker could be used to keep a reference to an object that could be freed during garbage collection. Subsequent calls through this deleted reference could cause attacker-controlled memory to be executed on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Daniel Kozlowski.
Title: MFSA 2011-05 Buffer overflow in JavaScript atom map
Description: The JavaScript engine's internal mapping of string values contained an error in cases where the number of values being stored was above 64K. In such cases an offset pointer was manually moved forwards and backwards to access the larger address space. If an exception was thrown between the time that the offset pointer was moved forward and the time it was reset, then the exception object would be read from an invalid memory address, potentially executing attacker-controlled memory.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-04 Buffer overflow in JavaScript upvarMap
Description: The JavaScript engine's internal memory mapping of non-local JS variables contained a buffer overflow which could potentially be used by an attacker to run arbitrary code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-03 Use-after-free error in JSON.stringify
Description: A method used by JSON.stringify contained a use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. This could lead to arbitrary code execution if an attacker was able to store malicious code in the freed section of memory.
Affected software: Firefox, SeaMonkey.
Credit: regenrecht, Igor Bukanov.
Title: MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
Description: A recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate to true. An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog.
Affected software: Firefox, SeaMonkey.
Credit: Zach Hoffman.
Title: MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Mozilla developers and community.
For additional information on the security advisories that accompany Firefox 3.6.14 click here.
If you would like to get Firefox 3.6.14, here’s the download link again. Release notes here.
Today we have to report that Mozilla released an update for Firefox 3.6. On the first day of spring, the 1st of March, Mozilla rolled out Firefox 3.6.14. Users are well advised to get this update because it fixes several stability and security issues. If you didn’t receive an automatic update prompt you can manually trigger the update by clocking Help -> Check for updates, or by downloading Firefox 3.6.14 in your language here.
Firefox 3.6.14 comes accompanied by 10 security advisories, out of which 1 is rated moderate, 1 is rated high, and the remaining 8 are rated critical. The critical rating is given to vulnerabilities that could be exploited by someone with malicious intent to run attacker code and install software on a targeted machine with no interaction from the user, beyond normal browsing of course.
Here are the details Mozilla made public on the security vulnerabilities that accompany Firefox 3.6.14 – just the critical ones:
Title: MFSA 2011-09 Crash caused by corrupted JPEG image
Description: A JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Jordi Chancel.
Title: MFSA 2011-07 Memory corruption during text run construction (Windows)
Description: When very long strings were constructed and inserted into an HTML document, the browser would incorrectly construct the layout objects used to display the text. Under such conditions an incorrect length would be calculated for a text run resulting in too small of a memory buffer being allocated to store the text. This issue could be used by an attacker to write data past the end of the buffer and execute malicious code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Alex Miller.
Title: MFSA 2011-06 Use-after-free error using Web Workers
Description: a JavaScript Worker could be used to keep a reference to an object that could be freed during garbage collection. Subsequent calls through this deleted reference could cause attacker-controlled memory to be executed on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Daniel Kozlowski.
Title: MFSA 2011-05 Buffer overflow in JavaScript atom map
Description: The JavaScript engine's internal mapping of string values contained an error in cases where the number of values being stored was above 64K. In such cases an offset pointer was manually moved forwards and backwards to access the larger address space. If an exception was thrown between the time that the offset pointer was moved forward and the time it was reset, then the exception object would be read from an invalid memory address, potentially executing attacker-controlled memory.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-04 Buffer overflow in JavaScript upvarMap
Description: The JavaScript engine's internal memory mapping of non-local JS variables contained a buffer overflow which could potentially be used by an attacker to run arbitrary code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-03 Use-after-free error in JSON.stringify
Description: A method used by JSON.stringify contained a use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. This could lead to arbitrary code execution if an attacker was able to store malicious code in the freed section of memory.
Affected software: Firefox, SeaMonkey.
Credit: regenrecht, Igor Bukanov.
Title: MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
Description: A recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate to true. An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog.
Affected software: Firefox, SeaMonkey.
Credit: Zach Hoffman.
Title: MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Mozilla developers and community.
For additional information on the security advisories that accompany Firefox 3.6.14 click here.
If you would like to get Firefox 3.6.14, here’s the download link again. Release notes here.
