Security Experts:

Chrome, Firefox Updates Address Security Vulnerabilities

Mozilla has released Firefox 30 which fixes a total of seven vulnerabilities affecting the Web browser. Google has also updated its Chrome Web Browser to address four security holes.

According to an advisory published by Mozilla on Tuesday, five of the seven vulnerabilities fixed in Firefox 30 are critical and could be exploited by an attacker to execute arbitrary code or install software with no user interaction beyond normal Web browsing.

The critical flaws in Firefox include a buffer overflow in the Web Audio Speex resampler, found by Holger Fuhrmannek; a use-after-free vulnerability with the SMIL Animation Controller when interacting with and rendering improperly formed web content, discovered by security researcher “Nils”; a use-after-free in Event Listener Manager reported by Tyson Smith and Jesse Schwartzentruber from BlackBerry; multiple use-after-free and out of bounds issues identified by Abhishek Arya (Inferno) of the Google Chrome Security Team; and miscellaneous memory safety hazards detected by Mozilla’s own developers.

Security researcher Looben Yang identified a high-severity buffer overflow issue in the Gamepad API, and Jordi Chancel found a clickjacking vulnerability through cursor invisibility after Flash interaction. The bug reported by Chancel only affects the OS X version of the Firefox web browser, and the issue found by Yang was only introduced in Firefox 29.

As far as Chrome is concerned, Google has updated the stable channel for Windows, Mac and Linux to version 35.0.1916.153. A total of four vulnerabilities have been fixed with the latest release, with many of them detected using the Address Sanitizer tool, Google engineer Karen Grünberg explained in an advisory on Tuesday.

Collin Payne reported a high-impact use-after-free vulnerability in the fileSystem API (CVE-2014-3154) for which Google rewarded him with $1,000. James March, Daniel Sommermann and Alan Frindell of Facebook also were rewarded with $1,000 for a high-impact out-of-bounds read issue in SPDY (CVE-2014-3155).

Atte Kettunen, a frequent reporter of Chrome vulnerabilities, has been given $500 for a medium-impact buffer overflow in clipboard (CVE-2014-3156). A heap overflow flaw in media (CVE-2014-3157) has been identified by members of the Chrome team.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.