

All could have led to potentially exploitable crashes, according to advisories published by Mozilla’s security team Tuesday.Īnother vulnerability, a heap-based buffer overflow existed in the Network Security Services (NSS) libraries. The use-after-free bugs existed in the browser’s HTML5 string parser, WebRTC, XML, and SetBody function. Before it was fixed, a malicious Graphite font, coupled with a combination of uninitialized memory errors, out-of-bounds read errors, and out-of-bounds write errors, could’ve led to a exploitable crash if loaded. The lion’s share of the bugs, 14, were in the font-processing library, Graphite 2. The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities.


Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser.
