
Mozilla patches critical Firefox flaw weeks after update

Mozilla on Monday released a security update to patch a critical flaw in Firefox that could allow an attacker to take control of the affected system.

The vulnerability, CVE-2016-9078, affects only Firefox 49 and 50 and was patched in version 50.0.1. It could allow a URL to inherit the wrong origin after an HTTP redirect, according to a Nov. 28 security advisory.

“This can result in same-origin violations against a domain if it loads resources from malicious sites,” the advisory said. “Cross-origin setting of cookies has been demonstrated without the ability to read them.”

Anyone using an affected system is encouraged to update as soon as possible. Earlier this month, Mozilla released a number of security fixes affecting two of its Firefox browsers: the widely used consumer edition, v50, and ESR 45.5, intended for enterprises that manage client desktops.
