Mozilla Firefox 27 Delivers Better Security, Performance
The first open-source Firefox release of 2014 debuts, providing improved security and support for the SPDY 3.1 protocol.Mozilla today released Firefox 27, giving users of the open-source browser new security features and improved performance. There are 13 security advisories attached to the Firefox 27 release, four of them ranked as being critical. As is common in nearly all Firefox release updates, one of the critical updates is for a group of vulnerabilities that Mozilla labels "Miscellaneous memory safety hazards." There is also a critical fix for a use-after-free memory error reported to Mozilla by way of Hewlett-Packard's Zero Day Initiative. Use-after-free errors enable attackers to potentially leverage legitimate memory space to launch arbitrary code. In addition, Firefox 27 provides a fix for a download dialog box window issue that potentially could have enabled a spoofing attack.
"Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed," Mozilla warned in its advisory. "This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to be potentially opened instead of only saved in some circumstances."