Use-after-free and memory corruption faults get repaired

Apr 1, 2015 13:35 GMT  ·  By

Mozilla has released Firefox 37, which fixes several critical vulnerabilities and adds OneCRL, a feature designed to speed up the revocation of fraudulently issued intermediate certificates, the CA certificates that sit between a trusted root and the certificate a browser validates when securing a connection to a legitimate host.

Under Mozilla's severity classification, a critical flaw is one that can be used to run attacker-supplied code and install software with no user interaction beyond normal browsing.

Glitches are potentially exploitable to run arbitrary code

Among the major fixes in Firefox 37 are two type confusion flaws (CVE-2015-0803 and CVE-2015-0804), both credited to security researcher Nils, that can lead to use-after-free errors and, in turn, potentially exploitable crashes of the browser.

Abhishek Arya of the Google Chrome Security Team reported two memory corruption crashes (CVE-2015-0805 and CVE-2015-0806) triggered while the browser rendered 2D graphics. According to the security advisory, the problems lie in the Off Main Thread Compositing (OMTC) code.

Another use-after-free error (CVE-2015-0813), potentially exploitable to run code on the affected system, was reported by Aki Helin, who found it while playing certain MP3 audio files through the Fluendo MP3 plugin for GStreamer on Linux.

The bug stems from the plugin's handling of some MP3 files and its interaction with Firefox's own media code, so only Linux builds that play audio through that GStreamer plugin are affected.

Last on the list of critical issues are the miscellaneous memory safety hazards that turn up in nearly every Firefox release and are usually credited to Mozilla developers and community members.

Some of these bugs showed evidence of memory corruption under certain circumstances, and Mozilla presumes that, with enough effort, at least some of them could be exploited to run arbitrary code on the machine.

OneCRL Certificate Revocation Mechanism

Until now, once a rogue digital certificate was identified, revoking it in Firefox meant shipping a browser update that carried the change to the certificate store Firefox uses.

With OneCRL, Mozilla can push an updated list of revoked certificates without shipping a new Firefox build, a process that reaches users only after a delay and costs Mozilla a release cycle each time.

Websites use digital certificates to identify themselves and to offer users an encrypted connection to their servers. A certificate is issued by a Certificate Authority (CA), a trusted entity that verifies the identity of the certificate's owner. This is what creates the chain of trust that browsers validate on the web.

If a certificate, or the private key behind it, falls into the wrong hands, it can be used to impersonate the site it was issued for and serve malicious content to visitors. In such cases the certificate needs to be revoked as quickly as possible.

“OneCRL helps speed up revocation checking by maintaining a centralized list of revoked certificates and pushing it out to browsers,” a blog post from Mozilla explains.
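The following Python is an added illustration of the mechanism the article describes, not Mozilla's code or the format Firefox actually ships. It assumes that a pushed blocklist identifies each revoked certificate by the pair (issuer name, serial number), that the list arrives as simple `issuer;serial-hex` lines, and that a chain is presented leaf-first as plain records; all certificate names, serials and list entries below are constructed for the example. The point it demonstrates is that every link of the chain is checked, so revoking one intermediate invalidates every site certificate issued beneath it, while a serial number that merely collides under a different issuer is not matched.

```python
# Added example (not Mozilla's code): a OneCRL-style revocation check over a
# certificate chain. Data layout is an assumption for illustration: each
# blocklist entry is (issuer name, serial number) and chains are leaf-first.
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int          # serial numbers are unique only within one issuer


BlockEntry = Tuple[str, int]   # (issuer name, serial number)


def parse_blocklist(lines: Iterable[str]) -> FrozenSet[BlockEntry]:
    """Parse a pushed list of 'issuer;serial-hex' lines (constructed format)."""
    entries = set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        issuer, serial_hex = line.rsplit(";", 1)
        entries.add((issuer, int(serial_hex, 16)))
    return frozenset(entries)


def is_blocked(cert: Cert, blocklist: FrozenSet[BlockEntry]) -> bool:
    # Match on issuer AND serial: a serial alone is meaningless across CAs.
    return (cert.issuer, cert.serial) in blocklist


def find_revoked(chain: List[Cert], blocklist: FrozenSet[BlockEntry]) -> Optional[Cert]:
    """Return the first blocklisted certificate in a leaf-first chain, or None.

    Every link is checked, not only the leaf: pulling one revoked intermediate
    invalidates every end-entity certificate it ever signed, which is the case
    (fraudulently issued intermediates) the list is meant to cover.
    """
    prev = None
    for cert in chain:
        if prev is not None and prev.issuer != cert.subject:
            raise ValueError(f"broken chain: {prev.subject} not issued by {cert.subject}")
        if is_blocked(cert, blocklist):
            return cert
        prev = cert
    return None


def chain_is_trusted(chain: List[Cert], blocklist: FrozenSet[BlockEntry]) -> bool:
    """Local blocklist check; it runs before any network revocation lookup,
    so an unreachable OCSP responder cannot make a blocklisted chain pass."""
    return find_revoked(chain, blocklist) is None


# Constructed sample data.
BLOCKLIST_TEXT = """
# issuer;serial (hex)  -- constructed entries
CN=Example Root CA;1002
"""
BLOCKLIST = parse_blocklist(BLOCKLIST_TEXT.splitlines())

ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", 0x1)
BAD_INTERMEDIATE = Cert("CN=Compromised Intermediate", "CN=Example Root CA", 0x1002)
GOOD_INTERMEDIATE = Cert("CN=Healthy Intermediate", "CN=Example Root CA", 0x1003)

# Both leaves carry serial 0x1002, the same number as the revoked intermediate,
# but under different issuers, so neither leaf itself matches the list.
LEAF_VIA_BAD = Cert("CN=www.example.test", "CN=Compromised Intermediate", 0x1002)
LEAF_VIA_GOOD = Cert("CN=www.example.test", "CN=Healthy Intermediate", 0x1002)

CHAIN_REVOKED = [LEAF_VIA_BAD, BAD_INTERMEDIATE, ROOT]
CHAIN_OK = [LEAF_VIA_GOOD, GOOD_INTERMEDIATE, ROOT]

if __name__ == "__main__":
    for name, chain in (("revoked", CHAIN_REVOKED), ("ok", CHAIN_OK)):
        hit = find_revoked(chain, BLOCKLIST)
        print(name, "->", f"blocked ({hit.subject})" if hit else "trusted")
```

Running the block reports the first chain as blocked on the intermediate and the second as trusted. Because the check is a local set lookup, it neither adds a network round trip nor depends on a responder being reachable, which is the practical advantage over per-connection revocation queries.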