Firefox 38 was released on Tuesday and comes with fixes for a number of security vulnerabilities.
Among the critical bugs that were addressed are a buffer overflow when parsing compressed XML, a use-after-free during text processing when vertical text is enabled, and a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page, according to a Tuesday post. All aforementioned vulnerabilities could lead to a potentially exploitable crash.
An out-of-bounds read and write in asm.js during JavaScript validation was deemed critical because it could lead to a potentially exploitable crash and could allow for the reading of random memory, which could contain sensitive data, the post stated.
Critical miscellaneous memory safety hazards were also addressed, as well as a variety of other high, moderate and low impact vulnerabilities.