Hot on the heels of Firefox browser’s previous update, Mozilla has released version 6 as part of the team’s rapid upgrade cycle. A total of ten security bugs have been patched, of which eight have a critical rating and two, a high rating, according to the Mozilla advisory. The upgrade fixes several issues including several memory safety bugs, flaws related to unsigned scripts, heap overflows and issues with WebGL shaders, among others.
Although the change log features over 1600 changes, only the most serious have been addressed by Mozilla in its release notes. The memory safety bugs pertain to evidences of memory corruption under some conditions that may be exploited to run arbitrary code. These bugs are known to cause crashes in WebGL, JavaScript and Ogg reader, affecting Firefox versions 4 and 5.
Buffer overrun errors have been fixed in the WebGL rendering engine, which could cause a crash in the string class used to store the shader source code for overly long shader programs. Other fixes to WebGL include addressal of heap overflows in the ANGLE library used by Mozilla’s WebGL implementation.
Of the ten security bugs, two carry a high rating. These bugs are known to cause credential leakage using content security policy reports and cross-origin
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to searchSecurity.in you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of searchSecurity.in is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
data theft. Of these, the first
could lead to the incorrect resolution of hosts. The second bug could lead to image data from a
domain read by another domain when using canvas and Windows D2D hardware acceleration.
Firefox 6 brings some new features to the table, which includes a new permissions manager that allows users to tweak permissions on a site-by-site basis. This feature can be used to modify settings like password capture and cookies on a per site basis. Firefox 6 also adds a JavaScript prototyping tool known as Scratchpad for developers.
A complete run-down of the security fixes can be found in this Mozilla Firefox advisory. The Mozilla team has also released security fixes for Firefox version 3.6, updating it to 3.6.20, the details of which are addressed in a separate security advisory.
Firefox 6 is available as an incremental update through a built in update engine for existing users of versions 4 and 5. It is also available as a stand-alone installer from the Mozilla website.