Patch/Configuration Management, Vulnerability Management

Mozilla patches two Firefox vulnerabilities

Doug OlenickOctober 21, 2016

Mozilla pushed out two security patches for Firefox on Oct. 20 rated as potentially having a high impact on users of the popular browser.

The first vulnerability, CVE-2016-5287, was “a potential exploitable use-after-free crash during actor destruction with service workers, “ according to the patch report. It does not affect release version earlier than Firefox 49.

The second, CVE-2016-5288, was discovered by a Cliqz.com developer who showed that web content could access information in the HTTP cache if e10s is disabled and it affects Firefox versions 48 and 49.

Both issues were patched with the release of Firefox 49.0.2.

Doug Olenick

Related

Google Chrome icon on a computer screen

Patch/Configuration Management

Google patches new zero-day actively exploited in the Chrome browser

Steve ZurierSeptember 28, 2023

Google's most recent patch for Chrome is the fifth actively exploited zero-day targeted by threat actors this year in the popular browser.

Patch/Configuration Management

Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity

Steve ZurierSeptember 27, 2023

The vulnerability — CVE-2023-5129 — was given a critical 10.0 CVSS score by Google and a high-severity 8.8 score by NIST.

Apple iPhone 15s are displayed for sale

Patch/Configuration Management

Apple issues emergency patches on three new exploited zero-days

Steve ZurierSeptember 22, 2023

Security researchers say the three new zero-days are more than likely commercial spyware vendors exploiting them in the wild.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news