Mozilla Updates Firefox to Patch Two Serious Vulnerabilities

Mozilla updated its flagship browser Firefox to version 40.0.3 late Thursday, patching two substantial vulnerabilities in the popular open-source, cross-platform browser.

Mozilla has just updated Firefox to squash two serious vulnerabilities with the release of version 40.0.3, SecurityWeek reports.

The first bug, rated ‘critical’ in Mozilla’s own advisory (CVE-2015-4497), is triggered when a <canvas> element is resized. An attacker can exploit it simply by setting up a malicious web page. The exploit causes Firefox to crash, and this vulnerability can potentially allow arbitrary code to be executed with the privileges of the user running Firefox.

The use-after-free vulnerability was initially discovered by Jean-Max Reymond, a Mozilla community member. The same issues were later reported by Ucha Gobejishvili, working with HP’s Zero Day Initiative.

In its advisory, Mozilla wrote: “This [vulnerability] occurs when a resize event is triggered in concert with style changes, but the canvas references have been recreated in the meantime, destroying the originally referenced context. This results in an exploitable crash.”

Rated ‘high-impact’, the second flaw (CVE-2015-4498) is described as an ‘add-on notification bypass’ through data: URLs. The vulnerability was discovered and reported by security researcher Bas Venis, who noted that add-ons could be installed from a different source than the one a user would expect.

Normally, Firefox does not show its install-warning dialog when the user types a URL leading to an add-on directly into the address bar: the dialog is skipped because Firefox treats that navigation as a deliberate user action.

As it turns out, Bas Venis found that an attacker could manipulate a data: URL on a loaded page to simulate such a direct user action. The advisory also notes that an attacker can make the installation prompt appear on top of a different website by initiating a page navigation immediately after triggering the add-on installation.

As a result, an attacker could get Firefox users to install a malicious add-on while tricking them into believing it comes from a legitimate source.

While there are no reports yet of the vulnerabilities being exploited in the wild, Ubuntu has already released patched packages.
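The practical follow-up for an administrator is confirming that every installed Firefox is at or above the fixed version. The following helper is an added example, not code from Mozilla, Ubuntu or SecurityWeek; it assumes mainline Firefox version numbering (the article says nothing about the ESR branch) and that the version string comes either from `firefox --version` (which prints a line like `Mozilla Firefox 40.0.3`) or from a distribution package version such as the constructed `40.0.3+build1-0ubuntu0.14.04.1`, where only the leading numeric components matter.

```python
"""Check whether a Firefox version string predates the 40.0.3 release that
fixes CVE-2015-4497 and CVE-2015-4498 (added example, not Mozilla's code)."""
import re

# Version named in the advisory as carrying the fixes.
FIXED_VERSION = (40, 0, 3)


def parse_version(text):
    """Turn '40.0.3', '40.0', '41.0b1' or '40.0.3+build1-0ubuntu0.14.04.1'
    into a three-part integer tuple. Only the leading dotted numeric run is
    used; beta/build suffixes are ignored for the comparison."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad short versions so that '40.0' compares as (40, 0, 0).
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_patched(version_text):
    """True if the given Firefox version includes the 40.0.3 fixes."""
    return parse_version(version_text) >= FIXED_VERSION


def version_from_cli_output(output):
    """Extract the version from the output of `firefox --version`
    (assumed format: 'Mozilla Firefox <version>')."""
    m = re.search(r"Firefox\s+(\S+)", output)
    if not m:
        raise ValueError(f"unexpected --version output: {output!r}")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real system.
    samples = [
        "Mozilla Firefox 40.0.2",
        "Mozilla Firefox 40.0.3",
        "Mozilla Firefox 41.0b1",
    ]
    for line in samples:
        v = version_from_cli_output(line)
        print(f"{v:>10}  {'patched' if is_patched(v) else 'VULNERABLE'}")
```

On an Ubuntu host the package version can be fed in the same way, for example from `dpkg-query -W -f='${Version}' firefox`; the parser deliberately stops at the first non-numeric character, so the distribution's `+build` and `ubuntu` suffixes do not disturb the comparison.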

Instructions for downloading the latest version of Firefox can be found here.