Network Security, Patch/Configuration Management, Vulnerability Management

Mozilla Firefox update includes repair for critical memory safety bugs

The Mozilla Foundation on Wednesday issued updates for the classic Firefox web browser and its Extended Support Release, in the process fixing nine vulnerabilities, one deemed critical.

Six of the nine errors were discovered in both Firefox and Firefox ESR, while the reminder were located in only the former.

The most serious flaw, designated CVE-2018-12376, is a collection of memory safety bugs found in Firefox 61 and Firefox ESR 60.1. "Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code," states a pair of Mozilla security advisories announcing the release of Firefox 62 and Firefox ESR 60.2.

Three of the flaws are considered high severity, two of which (CVE-2018-12377, CVE-2018-12378) are use-after-free vulnerabilities found in both Firefox versions, potentially resulting in exploitable crashes. A third, CVE-2018-12375, consists of a series of memory safety bugs found only in the classic Firefox browser.

The moderate- and low-severity bugs are an out-of-bounds write, a proxy bypass, a potentially malicious page navigation technique, an addressbar spoofing technique, and a failure to delete old unencrypted passwords following the introduction of a master password.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.