Mozilla this week released Firefox 50 in the stable channel to patch 27 vulnerabilities and to provide users with improved Download Protection.
Three of the resolved issues in the popular Web browser were Critical flaws, 12 were considered High risk, 10 were rated Moderate severity, and two were Low risk issues. In addition to resolving all of them, Mozilla packed Firefox 50 with other security improvements as well.
One of the most important vulnerabilities patched in this Firefox release is CVE-2016-5296, a Heap-buffer-overflow WRITE in Cairo when processing SVG content. The bug is caused by compiler optimization, and could result in a potentially exploitable crash.
The other two Critical issues fixed in Firefox 50 were CVE-2016-5289 and CVE-2016-5290 (the latter was resolved in both Firefox 50 and Firefox ESR 45.5), namely a series of memory safety bugs discovered by Mozilla developers and community members. Some of these vulnerabilities showed evidence of memory corruption, presumably allowing a determined attacker to exploit them to run arbitrary code.
Additionally, Firefox 50 resolves an integer overflow leading to a buffer overflow in nsScriptLoadHandler, WebExtensions using access to the mozAddonManager API for elevated privileges, a heap-use-after-free in nsRefreshDriver, the 64-bit NPAPI sandbox not being enabled on a fresh profile, and canvas filters allowing feDisplacementMaps to be applied to cross-origin images, which allows for timing attacks on them. A location bar spoofing issue using fullscreen mode on Firefox for Android was also addressed.
Moreover, the new browser release adds Download Protection for a large number of executable file types on Windows, Mac and Linux, thus improving the overall security of its users. The enhancement comes several months after Mozilla added potentially unwanted software and uncommon downloads to the browser’s security feature.
Powered by the Google Safe Browsing API, Download Protection is periodically improved to keep up with the latest enhancements Google has made to its security service. Safe Browsing, which is used in Chrome as well, offers protection from both malicious websites and nefarious files.
The updated browser release also brings protection against MIME confusion attacks, a security feature that Mozilla announced back in August. Moving forward, Firefox should be able to protect users from attacks in which malicious code is hidden in the form of other file types (such as images).
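A server-side counterpart to the browser protection described above, as an added example that is not part of the original article or Mozilla's code: it rejects an upload whose bytes do not match the image type it claims to be, and serves accepted files with the standard `X-Content-Type-Options: nosniff` response header. The function names are hypothetical and the sample inputs are constructed.

```python
# Added example: detect content disguised as an image before serving it.
# Signatures are the well-known leading bytes of each image format.
IMAGE_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}


def sniff_image_type(data: bytes):
    """Return the image MIME type implied by the leading bytes, or None."""
    for mime, prefixes in IMAGE_SIGNATURES.items():
        if data.startswith(prefixes):
            return mime
    return None


def check_upload(declared_mime: str, data: bytes) -> str:
    """Compare the declared Content-Type with what the bytes actually are."""
    # Drop parameters such as "; charset=..." and normalise case.
    declared = declared_mime.split(";", 1)[0].strip().lower()
    if declared not in IMAGE_SIGNATURES:
        return "reject: type not allowed"
    actual = sniff_image_type(data)
    if actual is None:
        return "reject: not an image"
    if actual != declared:
        return "reject: declared %s but content is %s" % (declared, actual)
    return "accept"


def response_headers(mime: str) -> dict:
    """Headers for a validated file: exact type, and no browser sniffing."""
    return {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}


if __name__ == "__main__":
    # Constructed samples: (declared type, first bytes of the body).
    samples = [
        ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("image/png", b"var x = 1; // script text sent as an image"),
        ("image/jpeg", b"GIF89a" + b"\x00" * 8),
    ]
    for declared, body in samples:
        print(declared, "->", check_upload(declared, body))
    print(response_headers("image/png"))
```

A signature check only proves how a file begins, so it complements rather than replaces the `nosniff` header and serving uploads with an exact `Content-Type`.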