Today's Hard|Forum Post
Today's Hard|Forum Post

Monday August 31, 2015

Mozilla Updates Firefox 40 to Patch Two Serious Flaws

Those of you using Firefox will be happy to know that Mozilla has patched up two major security flaws.

The first flaw, a use-after-free triggered when a canvas element is resized (CVE-2015-4497), has been rated critical. An attacker can exploit the vulnerability by setting up a malicious webpage that causes Firefox to crash. The weakness can potentially be exploited to execute arbitrary code with the privileges of the attacked Firefox user. The second flaw, rated high-severity, has been described as an add-on notification bypass through data URLs (CVE-2015-4498).