Browser bods emit ten patches in total, some for critical or high severity holes
Mozilla has patched 10 vulnerabilities, some rated either critical or high-severity, that permitted code execution in version 46 of its popular Firefox web browser.
One of the patched high-severity flaws was reported by the Communications-Electronics Security Group (CESG), the information security limb of the UK’s Government Communications Headquarters (GCHQ).
Mozilla says in an advisory that four critical memory safety bugs (CVE-2016-2804 to 2807) are now patched.
“Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products,” the security team says.
“Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”
The lone high severity bug was found by British security bods Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of Newcastle University.
The flaw hits Firefox’s mobile app and offers a way to steal data.
“This allows an attacker to infer touch actions on the device through these sensors when orientation events are triggered in the browser, compromising user privacy and including potentially revealing entered PIN code data along with other user activities.” ®