Connect with us

Hi, what are you looking for?



Chrome, Firefox Updates Address Security Vulnerabilities

Mozilla has released Firefox 30 which fixes a total of seven vulnerabilities affecting the Web browser. Google has also updated its Chrome Web Browser to address four security holes.

Mozilla has released Firefox 30 which fixes a total of seven vulnerabilities affecting the Web browser. Google has also updated its Chrome Web Browser to address four security holes.

According to an advisory published by Mozilla on Tuesday, five of the seven vulnerabilities fixed in Firefox 30 are critical and could be exploited by an attacker to execute arbitrary code or install software with no user interaction beyond normal Web browsing.

The critical flaws in Firefox include a buffer overflow in the Web Audio Speex resampler, found by Holger Fuhrmannek; a use-after-free vulnerability with the SMIL Animation Controller when interacting with and rendering improperly formed web content, discovered by security researcher “Nils”; a use-after-free in Event Listener Manager reported by Tyson Smith and Jesse Schwartzentruber from BlackBerry; multiple use-after-free and out of bounds issues identified by Abhishek Arya (Inferno) of the Google Chrome Security Team; and miscellaneous memory safety hazards detected by Mozilla’s own developers.

Security researcher Looben Yang identified a high-severity buffer overflow issue in the Gamepad API, and Jordi Chancel found a clickjacking vulnerability through cursor invisibility after Flash interaction. The bug reported by Chancel only affects the OS X version of the Firefox web browser, and the issue found by Yang was only introduced in Firefox 29.

As far as Chrome is concerned, Google has updated the stable channel for Windows, Mac and Linux to version 35.0.1916.153. A total of four vulnerabilities have been fixed with the latest release, with many of them detected using the Address Sanitizer tool, Google engineer Karen Grünberg explained in an advisory on Tuesday.

Collin Payne reported a high-impact use-after-free vulnerability in the fileSystem API (CVE-2014-3154) for which Google rewarded him with $1,000. James March, Daniel Sommermann and Alan Frindell of Facebook also were rewarded with $1,000 for a high-impact out-of-bounds read issue in SPDY (CVE-2014-3155).

Advertisement. Scroll to continue reading.

Atte Kettunen, a frequent reporter of Chrome vulnerabilities, has been given $500 for a medium-impact buffer overflow in clipboard (CVE-2014-3156). A heap overflow flaw in media (CVE-2014-3157) has been identified by members of the Chrome team.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.