Mozilla released security updates to address vulnerabilities in Firefox and Firefox ESR that could allow a remote attacker to take control of an affected system.
“The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates,” according to the Dec. 11 US-CERT advisory.
Mozilla released a total of 17 CVEs between the two advisories; three of the CVEs were rated critical and four were rated high.
The critical vulnerabilities all involved memory safety bugs in Firefox 64 and Firefox ESR 60.4. Other patches included fixes for a buffer overflow and out-of-bounds read in the ANGLE library with TextureStorage11, use-after-free bugs with the select element, and other buffer overflow flaws.