Mozilla has fixed 13 security flaws in the latest stable release of Firefox web browser, Mozilla Firefox 38, including 5 critical flaws, 5 high-risk bugs and 2 moderately rated vulnerabilities in Firefox 38.
List of important fixes included:
- Out-of-bounds read and write vulnerability in the JavaScript subset “asm.js” during the validation procedure, whose exploitation could lead an attacker to read parts of the memory that may contain users sensitive data.
- Buffer overflow in the way the browser parses compressed XML.
- Includes a feature that enables the use of DRM-enabled (Digital Rights Management-enabled) video content in Firefox.
- Includes integration with Adobe Content Decryption Module (CDM), allowing users to play DRM-wrapped content in HTML5 video tag.
- The designed sandbox that encompasses CDM, restricting interaction with sensitive parts of the system and the browser.
- Also offering a version of Firefox 38 that doesn’t include CDM component from the browser.
Resource:
Security Advisories for Firefox
DRM and the Challenge of Serving Users