Mozilla addressed more than a dozen vulnerabilities in the Firefox web browser with the release of version 47 on Tuesday, including issues rated as having critical impact.
The critical vulnerabilities are described in two advisories and they have been assigned three CVE identifiers. One of the flaws, tracked as CVE-2016-2819, is a heap buffer overflow triggered when parsing HTML5 fragments. The security hole, reported by a researcher with the moniker “firehack,” can lead to a potentially exploitable crash when inserting an HTML fragment into a document.
Various memory safety bugs and crashes reported by Mozilla developers and members of the community have also been rated as having critical impact (CVE-2016-2815 and CVE-2016-2818).
Six of the vulnerabilities patched with the release of Firefox 47 have been rated “high impact.” One of them, also discovered by “Firehack,” is a use-after-free (CVE-2016-2821) that occurs when a DOM table element created in contenteditable mode is deleted.
Researcher sushi Anton Larsson discovered a pointer lock permission bypass issue (CVE-2016-2831) that can be exploited for persistent denial-of-service (DoS) attacks, and spoofing and clickjacking attacks against the browser’s user interface.
Another high severity flaw was reported by a Mozilla community member who uses the moniker “jomo.” He discovered that a use-after-free bug resulting in a potentially exploitable crash can be triggered when processing WebGL content (CVE-2016-2828).
The Windows version of Firefox is affected by a vulnerability related to the updater (CVE-2016-2826). An attacker could exploit this weakness to overwrite arbitrary files and even for privilege escalation if the targeted files are used by high-privileged Windows components.
Another high severity flaw that only affects the Windows version of Firefox is an out-of-bounds write (CVE-2016-2824) related to the ANGLE graphics library that is used for WebGL content. Exploiting this vulnerability could result in a crash.
Firefox 47 also patches four medium and two low severity issues, including memory safety bugs in Network Security Services (NSS), failure of the Content Security Policy (CSP) to block Java applets, information disclosure on disabled plugins, address bar spoofing, incorrect icons displayed when requesting permissions, and partial same-origin policy (SOP) violations.