A heap-buffer-overflow vulnerability which could lead to an exploitable crash was fixed.

Mozilla on Tuesday released a number of security fixes affecting two of its Firefox browsers: the widely used consumer edition, v50, and ESR 45.5, intended for enterprises which manage client desktops.

Advisory 2016-89 from Mozilla Foundation Security includes security fixes for three critical, 12 high, 10 moderate, and two low impact issues.

One of the critical fixes patches a heap-buffer-overflow in Cairo which could lead to an exploitable crash. Patches were also issued for a number of memory safety bugs detected in Firefox 49 and Firefox ESR 45.4 that showed evidence of memory corruption, potentially allowing attackers to run arbitrary code.

Of the flaws whose impact was ranked "High," the upgrade fixes a bug that, during URL parsing, could enable a maliciously crafted URL to cause a potentially exploitable crash. Also patched was an error in argument length checking in JavaScript that could potentially result in integer overflows or other bounds checking issues. A buffer overflow flaw was also addressed that could have allowed a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.

Users are urged to upgrade as soon as possible. The next update is scheduled for Dec. 13.