From eWeek: Mozilla today is releasing updates to its flagship Firefox browser for both desktop and mobile device users. Firefox 25 provides new features including enhanced Web audio capabilities and delivers at least 10 security updates for the open-source browser.
Mozilla rates as critical five of the security updates for Firefox 25. All five of the issues relate to various memory corruption risks that could potentially enable an attacker to use system memory to launch arbitrary code.
Firefox 25 also provides a security fix for a flaw that leverages the HTML iframes element. Mozilla warned in its security advisory that there was a flaw by which an attacker could maliciously manipulate an iframe with the PDF.js library for rendering PDFs.
"This can be used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object," Mozilla advised. "This can lead to information disclosure of local system files."
Mozilla is also providing a fix for a spoofing security flaw that is rated as having moderate severity.
"Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within select elements and place it in arbitrary locations," Mozilla warned in its advisory. "This can be used to spoof the displayed address bar, leading to click-jacking and other spoofing attacks."
View: Article @ Source Site
