As per Mozilla’s classification, a critical flaw can be exploited to allow an attacker to run arbitrary code on the systems without any interaction from the user.
Glitches are potentially exploitable to run arbitrary code
Among the major fixes included in Firefox 37 there are two (CVE-2015-0803 and CVE-2015-0804) touching on type confusion, both credited to security researcher Nils, which could lead to use-after-free errors that generate potentially exploitable crashes of the web browser.
Abhishek Arya of Google Chrome Security Team reported two memory corruption crashes (CVE-2015-0805 and CVE-2015-0806) when the browser rendered 2D graphics. According to the security advisory
, the trouble lies in the Off Main Thread Compositing platform.
Another user-after-free error (CVE-2015-0813) that could be leveraged to gain access to the system was reported by Aki Helin, who discovered it while playing certain MP3 audio files with the Fluendo MP3 plugin for GStreamer on Linux.
The issue resides in failure of the plug-in to properly handle some MP3 files and its interaction with code in Firefox.
Last on the list of critical vulnerabilities
are memory safety hazards, which are constantly detected and repaired in Firefox revisions and are usually attributed to Mozilla developers.
Some of these issues could be exploited to attain memory corruption and Mozilla believes that a determined attacker could manage to create an exploit and run arbitrary code on the machine.