In version 46 of its popular Firefox web browser, Mozilla has patched 10 vulnerabilities, some rated either critical or high severity, that permitted remote code execution.
One of the patched high-severity flaws was reported by the Communications-Electronics Security Group (CESG), the information security limb of the UK's Government Communications Headquarters (GCHQ).
Mozilla says in an advisory that four critical memory safety bugs (CVE-2016-2804 to 2807) are now patched.
"Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products," the security team says.
"Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code."
The lone high-severity bug was found by British security bods Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of Newcastle University.
"This allows an attacker to infer touch actions on the device through these sensors when orientation events are triggered in the browser, compromising user privacy and including potentially revealing entered PIN code data along with other user activities." ®