![]() ![]() The company has decided to do away with Tab Groups, a feature that let users group tabs together and disable older and “rarely used” Android versions (3.0 to 3.2.6, Honeycomb). “This could be used to trick users into potentially treating the page as a different and trusted site,” Mozilla warns.Īside from bug fixes, Mozilla claims the update also discontinues some of the browsers’ lesser-used functionalities. The address bar spoofing issue is interesting because before the update, a user could navigate from one malicious page to another, but once they navigated back to the initial page, the URL bar wouldn’t reflect the reloaded page. ![]() The update also remedies miscellaneous memory safety hazards, memory leaks, and a address bar spoofing issue. As a result Mozilla is urging users to not only update to Firefox 45 to solve the issue, but encouraging anyone who’s coordinating projects running NSS 3.21 to upgrade to NSS 3.21.1. An attacker could have created a certificate that when parsed by NSS, would’ve prompted the library to crash or execute arbitrary code with the permissions of the user. All could have led to potentially exploitable crashes, according to advisories published by Mozilla’s security team Tuesday.Īnother vulnerability, a heap-based buffer overflow existed in the Network Security Services (NSS) libraries. The use-after-free bugs existed in the browser’s HTML5 string parser, WebRTC, XML, and SetBody function. To get a list of all available locales have a look at this file. choco install Firefox -packageParameters 'len-GB'. This package installs Firefox in the first language which matches this list: Install arguments override parameter if present, e.g. ![]() Before it was fixed, a malicious Graphite font, coupled with a combination of uninitialized memory errors, out-of-bounds read errors, and out-of-bounds write errors, could’ve led to a exploitable crash if loaded. Bringing together all kinds of awesomeness to make browsing better for you. The lion’s share of the bugs, 14, were in the font-processing library, Graphite 2. The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities. Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser.
0 Comments
Leave a Reply. |