Mozilla Fixes Firefox Bugs

Firefox 4 along with some of the older versions of the browser (including Firefox 3 and 3.5) have recently gone through significant level of renovation as Mozilla addresses 53 bugs of which 12 were categorized as “critical” while 9 as “major”. This was revealed on April 28 by Mozilla. A major portion of the critical issues involved system crashing and freezing while others dealt with the problem regarding large PDF files not being loaded properly in Firefox. It is to be mentioned that Firefox 4 had a serious security vulnerability in the past that exposed the Windows based systems to cyber attacks.

In a statement, Mozilla included that the developers have successfully repaired memory corruption bugs (MFSA2011-12) found in the browser which under “certain circumstances” could get corrupted. Some of these bugs could be used to run the arbitrary code, Mozilla added.

The latest version of the browser was exposed to “two crashes” due to a programming error that existed in Firefox 4 which could be exploited remotely with the intention of running harmful codes, according to Mozilla. Mozilla advisory MSFA 2011-17 also added that the WebGLES graphics libraries, which support the open source WebGL were compiled without Address Space Layout Randomization (ASLR) protection before they were used in Firefox’s Windows versions. This can be considered as a serious flaw since the main objective of implementing ASLR was to ensure that the addressable memory space is not being located by the cyber criminals who usually look for the memory space to execute the exploits. It would be very much possible for the raiders to compromise the operating system by bypassing the WebGLES libraries of Firefox considering the fact that both Windows Vista and Windows 7 relies on ASLR for protection.

According Mozilla, if an attacker identified an exploitable memory corruption flaw, then s/he could utilize these libraries in order to bypass ASLR on Windows Vista as well as on Windows 7, turning the flaw into exploitable which is also the case for other platforms including Windows XP.

It is to be mentioned that WebGL is an open-source extension to JavaScript that allows a developer to deliver 3D graphics content. Firefox and Google Chrome support this extension which is likely to be included in the upcoming versions of Opera and Safari. Mozilla stated that, two WebGLES related bugs were repaired in Firefox 4.0.1 which were present only in Firefox 4. The browser didn’t have WebGLES in the earlier versions.

Mozilla launched Firefox 4 on March 22. It was followed by the posting of the first build of Firefox 5 during 2nd of May and the first beta release is expected to take place on or around May 17. As far as its Web Browsers are concerned, Mozilla is currently making its way towards a six-week product cycle.