Firefox and Thunderbird 15 fix several security vulnerabilities
Following the release of version 15 of Firefox and Thunderbird, Mozilla has detailed the security vulnerabilities that have been fixed in both products. The fixes include seven critical vulnerabilities in Firefox, five of which are also present in Thunderbird. All in all, the new version of Firefox addresses 16 vulnerabilities while the new Thunderbird version closes 12 holes.
The bug fixes close several memory-related critical vulnerabilities that could be exploited by remote attackers to execute arbitrary code on a target system. Both Firefox and Thunderbird were affected by a vulnerability that allowed an attacker to inject code into the web console and use eval() to run it in a privileged context. This could allow malicious sites to execute arbitrary code when the console is invoked by the user. This problem, rated as high on Mozilla's scale, has now been fixed. Further security vulnerabilities, two of them rated critical, were closed in the Graphite 2 library, in WebGL and in the SVG rendering engine which are all used by both Firefox and Thunderbird.