Firefox 23 patches five critical bugs

By on
Firefox 23 patches five critical bugs

Mozilla has announced new security features and bug fixes for its Firefox browser users.

With the release of Firefox 23 on Tuesday, the company patched five critical bugs in the browser, which addressed two memory safety flaws that could allow a remote attacker to execute arbitrary code or cause a denial-of-service attack resulting in memory corruption and an application crash.

Other critical flaws that were fixed included a buffer underflow issue that occurred when generating certificate request message format (CRMF) requests, and another CRMF request bug that could allow a saboteur to execute malicious code or carry out cross-site scripting (XSS) attacks.

Mozilla also addressed a critical use-after-free problem that occurred when the document object model (DOM) was modified during a SetBody mutation event, which could lead to an exploitable crash.

Firefox 23 also brings a host of browser functionality changes for users, namely a new “mixed content blocking” feature introduced to block man-in-the-middle (MitM) attacks and potential “eavesdroppers on HTTPS pages,” release notes from Mozilla said.

The browser feature would enhance security by blocking certain content by default, like scripts or images on HTTPS pages. Users would be able disable the feature on a page-by-page basis.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Have you adopted agile methodologies?
Yes - And it made a big different improve productivity
Yes - But it's not made a big difference to productivity
No - But we're thinking of giving it a try
No – We’re happy with our current methods
No - Because it is a stupid idea and a fad
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?