
Mozilla fixes critical vulnerabilities in Firefox browser and Extended Support Release

Mozilla yesterday issued two security advisories announcing key updates to its Firefox browser and the Firefox Extended Support Release (ESR), both of which fixed vulnerabilities that the open-source developer labeled as critical.

The latest iteration of the Firefox browser, version 44.0.2, has addressed a critical vulnerability surrounding the ability of service workers to intercept responses to plug-in network requests. Plug-ins responsible for making security decisions were susceptible to forged, malicious responses that would allow websites to override same-origin policies — an important security measure that forbids web pages from accessing sensitive data on other web pages unless they share the same origin.

Meanwhile, version 38.6.1 of the Firefox ESR has patched a vulnerability associated with a malicious Graphite 2 smart font capable of triggering arbitrary code execution. According to Mozilla, the malicious font “could circumvent the validation of internal instruction parameters in the Graphite 2 library using special CNTXT_ITEM instructions,” potentially resulting in code execution. Mozilla addressed the issue by integrating a more up-to-date version of Graphite 2 into its ESR.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
