The Mozilla Corporation was established in August 2005 as a wholly owned taxable subsidiary that serves the non-profit, public benefit goals of its parent, the Mozilla Foundation, and the vast Mozilla community.
On Tuesday, April 26, 2016, Mozilla released a security patch update for its browser Firefox, which is used in Windows, Mac, Linux, and Android. In the latest Firefox 46.0, Mozilla fixed 14 vulnerabilities with its patch update.
Mozilla Fixed 14 Vulnerabilities In Firefox
CVE-2016-2804, CVE-2160-2805, CVE-2160-2806, CVE-2160-2807, and CVE-2160-2808 allow attackers to execute the code and gain control over it remotely.
An attacker could exploit the first four vulnerabilities to corrupt the memory via a specially configured HTML file. Arbitrary code execution is also possible using these vulnerabilities in CVE-2160-2811 and CVE-2160-2812.
A vulnerability CVE-2160-2809 in Mozilla Maintenance Service allows you to delete arbitrary files and increase the risk privileges of Windows. CVE-2160-2810 allows the application to read the stored data, including the browsing history in the browser and stored passwords.
The problem affects the devices which are running on Android version 5.0. (Android Lollipop). Exploiting the vulnerability CVE-2160-2813, an attacker can hack the data stored on your Android device and motion sensors.
This could be done with Javascript, which allows the attacker to fix the tap on the screen, and can lead to the abduction of PIN codes and other activities.
The vulnerability CVE-2016-2814 could allow a buffer overflow, and using the CVE-2016-2816 vulnerability, you can get around the Content Protection Policy (CSP).
An attacker can perform cross-site scripting, and gain escalated privileges With CVE-2016-2817, and the vulnerability CVE-2160-2820 is caused because Firefox Health Report takes certain events from untrusted domains.