Firefox 24 available now! 17 fixes, 7 critical
Today Mozilla has released Firefox 24.0 (as well as SeaMonkey and Thunderbird 24.0) fixing 17 vulnerabilities.
"Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products," the Mozilla Foundation Security Advisory (MFSA) 2013-76 states. "Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code."
There is also a use-after-free flaw with the "select" HTML element. A use-after-free memory error is one where authorized memory is able to be used by unauthorized elements after it is no longer in use. Mozilla noted in its security advisory that security researcher Scott Bell used Google's open-source Address Sanitizer tool in order to find the flaw. Google commonly uses Address Sanitizer itself to find use-after-free flaws in its own Chrome browser.
Memory corruption that could be triggered simply by scrolling a document is another critical flaw that Firefox 24 is fixing. Mozilla credits famed security researcher Nils for finding and reporting the flaw. Nils first gained media notoriety when as an unknown security researcher, he showed up at the 2009 Pwn2Own hacking challenge and was able to demonstrate previously unknown zero-day flaws in Internet Explorer, Firefox and Safari Web browsers.
There is also a use-after-free flaw with the "select" HTML element. A use-after-free memory error is one where authorized memory is able to be used by unauthorized elements after it is no longer in use. Mozilla noted in its security advisory that security researcher Scott Bell used Google's open-source Address Sanitizer tool in order to find the flaw. Google commonly uses Address Sanitizer itself to find use-after-free flaws in its own Chrome browser.
Memory corruption that could be triggered simply by scrolling a document is another critical flaw that Firefox 24 is fixing. Mozilla credits famed security researcher Nils for finding and reporting the flaw. Nils first gained media notoriety when as an unknown security researcher, he showed up at the 2009 Pwn2Own hacking challenge and was able to demonstrate previously unknown zero-day flaws in Internet Explorer, Firefox and Safari Web browsers.
Firefox 24.0 isn't just a security roll-up. Mozilla has improved the performance, added more modern scrollbars on OS X and numerous other changes.
Nils is also credited with the discovery of a potentially exploitable use-after-free issue that he found in an early test version of Firefox 25. Mozilla has found that they can also fix the same issue in Firefox 24.
The integrity of Mozilla updates is also going to get a bit better with Firefox 24 with improvements to protect the Mozilla Archive (MAR) file that is part of the Mozilla update process.
"Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater," Mozilla warned in its advisory. "This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used."
The integrity of Mozilla updates is also going to get a bit better with Firefox 24 with improvements to protect the Mozilla Archive (MAR) file that is part of the Mozilla update process.
"Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater," Mozilla warned in its advisory. "This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used."
You can Download Latest Updated Mozilla Firefox From here - http://www.mozilla.org/en-US/firefox/update/
You can also check Latest Addon Update from here - https://addons.mozilla.org/en-us/firefox/addon/addon-update-checker/
