Patch/Configuration Management, Vulnerability Management

Mozilla patches three critical vulnerabilities in Firefox

Mozilla rolled out another large security update patching a total of 11 vulnerabilities between Firefox 76 and Firefox ESR 68.8.

The three critical issue (CVE-2020-12387, CVE-2020-12388 and CVE-2020-12395) are shared between the Firefox 76 and ESR 68.8.

The first critical flaw found in both products is a Use-after-free during worker shutdown that can be used to create a potentially exploitable crash. The second is due to Firefox content processes that does not sufficiently lockdown access control which could result in a sandbox escape. The third are memory safety bugs that is believed could result in arbitrary code being run.

The remaining issues were rated high, medium and low. This included CVE-2020-12389, CVE-2020-6831, CVE-2020-12392, CVE-2020-12393 for both products.

Just affecting Firefox 76 were CVE-2020-12390, CVE-2020-12391 and CVE-2020-12394.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.