Mozilla’s latest incarnation of the Firefox internet browser, version 47, fixes a number of serious security problems, including some which can result in exploitable browser crashes.
According to a security advisory posted on Tuesday, Firefox 47 patches a total of 13 vulnerabilities, with two of them deemed critical.
The first of the most serious vulnerabilities is a buffer overflow parsing issue . The browser experiences a buffer overflow problem when parsing HTML5 fragments "in a foreign context such as under an < svg > node," according to the advisory. When an HTML fragment is inserted into an existing document, this could potentially lead to an exploitable crash.
The second set of critical issues relate to various memory safety hazards. A number of bugs, now patched, were reported by 14 security researchers and community members in Firefox and other Mozilla products. The issues could not only lead to memory corruption but in some cases could also lead to remote code execution.
More security news
Mozilla patched a further 11 vulnerabilities in the browser. The flaws included bugs which allowed Java applets to bypass CSP protections, information disclosure through CSS flaws, use-after-free vulnerabilities, address bar spoofing and file overwrite and privilege escalation through the Mozilla Windows updater.
An interesting bug would also allow attackers to manipulate the pointerlock API to conduct spoofing and clickjacking attacks.
In addition to the security updates, Firefox 47 has also gained a sidebar for synced tabs across other devices and a boost to YouTube playback support. Mozilla has also increased support for HTML5 and made a number of web platform improvements.
If you are using Mozilla Firefox on the Android Gingerbread platform, it is worth noting that this will be the last update available. The company will no longer support the operating system version after this round of fixes and improvements.