Mozilla fixes 10 critical flaws with Firefox 7 update

These critical flaws can be used by attackers to run malicious code and install software on the user’s computer without user interaction.

More specifically, Firefox 7 fixes the following critical flaws: use after free reading OGG headers, loadSubScript unwraps XPCNativeWrapper scope, potentially exploitable crash in the YARR regular expression library, potentially exploitable WebGL crashes (two bugs), code installation through holding down ENTER (two bugs), and three miscellaneous memory safety hazards.

In explaining the three miscellaneous memory safety hazards, Mozilla said that its developers “identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

In addition to security fixes, the Firefox 7 browser uses significantly less memory, up to 50% less, according to a blog by Firefox developer Nicholas Nethercote.

“Mozilla engineers started an effort called MemShrink, the aim of which is to improve Firefox’s speed and stability by reducing its memory usage. A great deal of progress has been made, and thanks to Firefox’s faster development cycle, each improvement made will make its way into a final release in only 12–18 weeks. The newest update to Firefox is the first general release to benefit from MemShrink’s successes, and the benefits are significant”, Nethercote explained.

What’s Hot on Infosecurity Magazine?