The Mozilla Foundation has fixed two security issue, one rated critical, in Firefox 57.0.2 and Firefox ESR 52.5.2.
The critical vulnerability covers a buffer overflow issue (CVE-2017-7845) that occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content, Mozilla said in its security update. This issue, which only affects those running Microsoft’s Windows operating system, is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.
The second flaw that was fixed (CVE-2017-7843) if exploited could make it possible for someone to write persistent data to an IndexedDB and fingerprint a user uniquely.
“IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting,” Mozilla noted.