Firefox 23 patches five critical bugs

By on
Firefox 23 patches five critical bugs

Mozilla has announced new security features and bug fixes for its Firefox browser users.

With the release of Firefox 23 on Tuesday, the company patched five critical bugs in the browser, which addressed two memory safety flaws that could allow a remote attacker to execute arbitrary code or cause a denial-of-service attack resulting in memory corruption and an application crash.

Other critical flaws that were fixed included a buffer underflow issue that occurred when generating certificate request message format (CRMF) requests, and another CRMF request bug that could allow a saboteur to execute malicious code or carry out cross-site scripting (XSS) attacks.

Mozilla also addressed a critical use-after-free problem that occurred when the document object model (DOM) was modified during a SetBody mutation event, which could lead to an exploitable crash.

Firefox 23 also brings a host of browser functionality changes for users, namely a new “mixed content blocking” feature introduced to block man-in-the-middle (MitM) attacks and potential “eavesdroppers on HTTPS pages,” release notes from Mozilla said.

The browser feature would enhance security by blocking certain content by default, like scripts or images on HTTPS pages. Users would be able disable the feature on a page-by-page basis.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


The channel is a juicy hacking target - are you improving security?
YES - recent attacks on MSPs spurred us to action
YES - we're ALWAYS improving our security stance
YES - we've noticed new forms of attack
NO - we're confident our past efforts are enough, but are always vigilant
NO - we don't see the need for change at this time
View poll archive

Log In

Username / Email:
  |  Forgot your password?