Mozilla patches 32 vulnerabilities in Firefox 54

The latest version of the browser is no long vulnerable to a bug which triggered exploitable crashes.
Written by Charlie Osborne, Contributing Writer

Mozilla has fixed a total of 32 bugs, one of which deemed critical, in the latest update to the Firefox browser.


According to the firm's latest security advisory, released Tuesday, the most dangerous bug now resolved is a use-after-free vulnerability in the Firefox 54 browser.

The vulnerability, CVE-2017-5472, was discovered by security researcher Nils within the Firefox frameloader during tree reconstruction while regenerating a CSS layout.

When the browser attempted to use a node in the tree that no longer exists, this results in a potentially exploitable crash.

The update also takes care of three other dangerous vulnerabilities, a use-after-free vulnerability when using an incorrect URL during the reloading of a docshell (CVE-2017-7749), another use-after-free vulnerability which occurs during video control operations when a < track > element holds a reference to an older window if that window has been replaced in the DOM (CVE-2017-7750), and a third use-after-free vulnerability with content viewer listeners (CVE-2017-7751).

Each of these vulnerabilities can result in a crash which can be exploited.

In addition, Mozilla has patched six other bugs of varying importance, including an out-of-bounds read security flaw in WebGL, a privilege escalation bug in the Firefox installer -- which only impacts Windows systems -- as well as out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory in the Graphite 2 library.

Another bug, CVE-2017-7759, only affects Firefox users on the Android mobile operating system.

"Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local file: URLs, allowing for the reading of local data through a violation of same-origin policy," Mozilla says.

See also: Mozilla: We will keep Thunderbird after all, so long as it's not a burden to Firefox

In addition to the swathe of security fixes, Mozilla has included some fanfare with the release of Firefox 54. In the hopes of luring users back and away from rival services such as Google Chrome and Safari, Firefox -- known in the past to be something of a memory hog -- has been redesigned with modern browsers in mind.

The browser has now been split into a number of separate processes to run content across tabs, which the Mozilla team hopes will reduce memory demands, increase performance and speed things up when surfing the Internet.

Top tips to stay safe on public Wi-Fi networks

Editorial standards