Firefox 54 fixes 32 vulnerabilities
June 18, 2017
Shah Sheikh (1294 articles)

Firefox 54 fixes 32 vulnerabilities

Mozilla Firefox, one of the most popular web browser used across the globe has recently released a patch to fix 32 vulnerabilities in Firefox 54, the latest flagship of the browser. One of the bugs that were fixed was a critical one as it would cause the web browser to crash when exploited.

Known as CVE-2017-5472 and discovered by bug hunter Nils., the bug revolved around the browser’s frame loader during a tree reconstruction and the regeneration of the CSS layout. If you try to access a node that does not exist in the tree, one could potentially cause the browser to crash.

Other vulnerabilities that were fixed include 12 high impact vulnerabilities who also could have caused a crash, but were deemed as less dangerous as CVE-2017-5472. One of the vulnerabilities discovered was setup based which could allow the reading of local content on Android. Another vulnerability allows privilege escalation on Firefox installer on Windows Operating Systems. Four other vulnerabilities were fixed which allowed address bar spoofing.

Last but not least, Firefox 54 is the first browser that comes with the capability to run multiple operating system processes for web page content, dubbed as project “Electrolysis” by Mozilla. In other words, the technology enables the conversion of one web page process to four to speed up performance.

Source: threatpost