Mozilla Foundation released 29 CVE patches to Firefox 55, including five that address critical vulnerabilities.
Two critical use-after-free vulnerabilities, one in WebSockets and another involving the marquee element, could each lead to an exploitable crash.
According to an Aug. 8 Security Advisory, a use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. A separate use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing, where the updated style object is freed while still in use.
The update also patched a critical XUL injection bug in the style editor in devtools, caused by improper sanitization of the web page source code, as well as memory safety bugs in Firefox 55 and Firefox ESR 52.3, all of which could allow arbitrary code execution.
Researchers recommend users update their systems as soon as possible.