
Mozilla Firefox patches 29 vulnerabilities

The Mozilla Foundation released 29 CVE patches in Firefox 55, including five that address critical vulnerabilities.

Two critical use-after-free vulnerabilities, one in WebSockets and another involving the marquee element, could each lead to an exploitable crash.

According to an Aug. 8 Security Advisory, a use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. A separate use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing, where the updated style object is freed while still in use.

The update also patched a critical XUL injection bug in the style editor in devtools, caused by improper sanitization of the web page source code, along with memory safety bugs in Firefox 55 and Firefox ESR 52.3, all of which could allow arbitrary code execution.

Researchers recommend users update their systems as soon as possible. 
