Mozilla issued patches for Firefox 71 and Firefox ESR 68.3 fixing 11 high- and moderate-rated vulnerabilities.
The most severe of the shared patches are:
- CVE-2019-17008 is a use-after-free in worker destruction issue that if attacked could lead to an exploitable crash.
- CVE-2019-1372 only effects Windows and can occur when setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash.
- CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher can cause heap corruption and a potentially exploitable crash.
- CVE-2019-17012: Memory safety bugs that if left unpatched could be exploited to run arbitrary code.
The security issues patched just in Firefox 71 were CVE-2019-17013, CVE-2019-11756 and CVE-2019-11703.