Firefox 28 is available for download. In addition to some new features and bug fixes, Mozilla has also addressed a number of security holes, including the ones disclosed by researchers at Pwn2Own 2014.
A total of 18 security issues have been fixed. Five of them are critical, three of them are high-impact, seven are moderate-impact, and three are minor security vulnerabilities.
All of the flaws presented at Pwn2Own are considered critical. They’ve been identified by Mariusz Mlynski, VUPEN, George Hotz (geohot) and Jüri Aedla.
An exploitable use-after-free issue was identified by VUPEN. Experts found that memory pressure during garbage collection could lead to memory corruption of TypeObjects in the JS engine.
Hotz executed arbitrary code by causing an exploitable crash. He leveraged an issue in which values are copied from an array into a second, neutered array, which allows an out-of-bounds write into memory.
These vulnerabilities impact not only Firefox, but also SeaMonkey and Thunderbird.
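The neutered-array issue described above belongs to a general class of bug in which a copy trusts a length that was valid before the destination buffer was detached. The following C model is an added example, not Mozilla's code or the actual Firefox fix; `buffer_t`, `buffer_neuter` and `copy_checked` are hypothetical names, and the stale cached length is an assumption used to illustrate the class.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a typed array's backing store; not Mozilla's code. */
typedef struct {
    uint8_t *data;   /* NULL once the buffer is neutered */
    size_t   length; /* 0 once the buffer is neutered */
} buffer_t;

static buffer_t buffer_new(size_t n) {
    buffer_t b = { calloc(n, 1), n };
    if (b.data == NULL) b.length = 0;
    return b;
}

/* Neutering (detaching) releases the storage and zeroes the length. */
static void buffer_neuter(buffer_t *b) {
    free(b->data);
    b->data = NULL;
    b->length = 0;
}

/* Bounds are taken from the destination's state at the time of the write,
 * never from a length the caller sampled earlier. Returns bytes copied or -1. */
static long copy_checked(buffer_t *dst, size_t off, const uint8_t *src, size_t n) {
    if (dst->data == NULL) return -1;                          /* neutered */
    if (off > dst->length || n > dst->length - off) return -1; /* no overflow */
    memcpy(dst->data + off, src, n);
    return (long)n;
}

/* Constructed scenario: length is sampled, the buffer is neutered, then copied to. */
static long copy_after_neuter(void) {
    uint8_t src[16] = {0};
    buffer_t dst = buffer_new(16);
    size_t cached_len = dst.length; /* stale after the next line */
    buffer_neuter(&dst);
    /* An unchecked copy that trusted cached_len would write 16 bytes
     * into storage that no longer exists. */
    return copy_checked(&dst, 0, src, cached_len);
}

int main(void) {
    printf("copy after neuter: %ld\n", copy_after_neuter());
    return 0;
}
```

The check is written as `n > dst->length - off` rather than `off + n > dst->length` so that a very large offset cannot wrap around and pass.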
The fifth critical vulnerability fixed with the release of Firefox 28 is described as “miscellaneous memory safety hazards.”
The high-impact security holes are an information disclosure in SVG filters through feDisplacementMap, an information disclosure through polygon rendering in MathML, and an out-of-bounds read during WAV file decoding.
Google fixed the vulnerabilities presented at Pwn2Own 2014 shortly after the hacking competition ended. It appears that Mozilla didn’t want to wait too long either. It remains to be seen when Microsoft will address the Internet Explorer security holes exploited by experts at Pwn2Own.