Mozilla on Tuesday released a number of security fixes affecting two of its Firefox browsers: the widely used consumer edition, v50, and ESR 45.5, intended for enterprises which manage client desktops.
Advisory 2016-89 from Mozilla Foundation Security includes security fixes for three critical, 12 high, 10 moderate, and two low impact issues.
One of the critical bugs patches a heap-buffer-overflow in Cairo which could lead to an exploitable crash. A number of memory safety bugs detected in Firefox 49 and Firefox ESR 45.4 that showed evidence of memory corruption, potentially allowing attackers to run arbitrary code, were issued patches.
Users are urged to upgrade as soon as possible. The next update is scheduled for Dec. 13.