Firefox 45 browser update patches 22 critical vulnerabilities
The latest version of the Firefox browser comes with security fixes for a total of 40 vulnerabilities, 22 of which are deemed critical.
Firefox 45, released on Tuesday, includes a total of 21 security advisories, including nine critical bulletins.
The majority of the bugs were discovered in the Graphite 2 font processing library. A total of 14 bugs were named in one advisory alone, of which there are heap buffer overflow read and write problems, uninitialized memory errors and out-of-bounds write errors.
Combined with another vulnerability, an out-of-bounds write with a malicious font, and you have a potentially exploitable crash on your hands.
Security
The update also resolves a number of use-after-free vulnerabilities during XML transformations, as well as when a user is running multiple WebRTC data channels.
The same kind of vulnerability was also spotted in the Service Worker Manager platform, the HTML function SetBody and HTML5 string parser functions.
Another critical vulnerability fixed within Firefox 45 is a heap-based buffer overflow vulnerability in Network Security Services (NSS) libraries parsed certain ASN.1 structures. In addition, Mozilla has patched a number of memory corruption bugs which could be exploited to run arbitrary code.
Mozilla has also provided fixes for less severe security issues, including WebRTC and LibVPX vulnerabilities, use-after-free issues, same-origin policy violations and a memory leak in libstagefright.
Alongside the security fixes, Mozilla has also decided to remove features which have not proved popular with users. Tab Groups have now been removed for users of the Firefox browser on Windows, Mac and Linux, although users can still keep this functionality if they wish through add-ons.
In addition, Firefox Android versions 3.0 through 3.2.6 -- otherwise known as Android Honeycomb -- will soon lose the organization's support.
10 things you didn't know about the Dark Web
Read on: Top picks
- How to increase your Bitcoin mining profit by 30 percent with less effort
- SMS Android malware roots and hijacks your device - unless you are Russian
- Bug bounties: Which companies offer researchers cash?
- Shodan: The IoT search engine privacy messenger
- What happens when you leak stolen bank data to the Dark Web?