Mozilla has patched three high-severity vulnerabilities with the release of Firefox 81 and Firefox Extended Support Release (ESR) 78.3. Some of the flaws could be exploited to run arbitrary code.
Two critical bugs (CVE-2020-15674 and CVE-2020-15673) were errors in the browser’s memory-safety protections, which prevent memory access issues like buffer overflows. CVE-2020-15674 was discovered in Firefox 80 and reported by Byron Campen and Christian Holler, while CVE-2020-15673 was found in Firefox 80 and Firefox ESR 78.2 and reported by Jason Kratzer.
“Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could have been exploited to run arbitrary code,” said Mozilla in a security advisory.
Mozilla classified these flaws as issues “that can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.”
Firefox 81 also fixes a third high-severity flaw (CVE-2020-15675) in its implementation of the Web Graphics Library (WebGL), a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser. It is a use-after-free vulnerability, a class of bug caused by incorrect use of dynamic memory: if a program frees a memory location but does not clear the pointer to that memory, an attacker can use the error to compromise the program. In Firefox’s case, when processing surfaces for WebGL, the lifetime may outlive a persistent buffer, leading to memory corruption and a potentially exploitable crash. The flaw was reported by Brian Carpenter.
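The lifetime problem described above, shown as an added example in constructed C (not Firefox or Mozilla code): a surface that takes its own reference to a buffer cannot outlive it, and every release clears the holder's pointer. The `Buffer` and `Surface` types, the function names and the `freed` hook are hypothetical.

```c
#include <stdlib.h>

/* Constructed model, not Firefox code. Vulnerable shape: a surface copies a raw
 * Buffer* and the owner frees it, leaving a dangling pointer. Hardened form below. */
typedef struct {
    unsigned char *data;
    size_t len;
    int refs;    /* holders keeping the buffer alive */
    int *freed;  /* hypothetical hook: set to 1 when memory is released */
} Buffer;
typedef struct { Buffer *buf; } Surface;

Buffer *buffer_new(size_t len, int *freed) {
    Buffer *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->data = calloc(len, 1);
    if (!b->data) { free(b); return NULL; }
    b->len = len; b->refs = 1; b->freed = freed;
    return b;
}

/* Drop one reference and clear the caller's pointer; free on the last one. */
void buffer_release(Buffer **pb) {
    Buffer *b = *pb;
    *pb = NULL;
    if (b && --b->refs == 0) {
        if (b->freed) *b->freed = 1;
        free(b->data);
        free(b);
    }
}

/* The surface takes its own reference, so it cannot outlive the buffer. */
Surface surface_attach(Buffer *b) { b->refs++; Surface s = { b }; return s; }

/* Byte at idx, or -1 if the surface is detached or idx is out of range. */
int surface_read(const Surface *s, size_t idx) {
    if (!s->buf || idx >= s->buf->len) return -1;
    return s->buf->data[idx];
}

int main(void) {
    int freed = 0;
    Buffer *owner = buffer_new(16, &freed);
    if (!owner) return 1;
    Surface s = surface_attach(owner);
    buffer_release(&owner);   /* owner is done; the surface still holds a ref */
    int ok = surface_read(&s, 0) == 0 && !freed;
    buffer_release(&s.buf);   /* last reference: memory is released here */
    return (ok && freed) ? 0 : 1;
}
```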