Patch Management

Mozilla issues five critical patches for Firefox and Firefox ESR

January 25, 2017

Mozilla issued two security advisories covering Firefox and Firefox ESR that between them contain 33 security patches, five rated as critical.

The fixes, which are contained in the just-released Firefox 51 and Firefox ESR 45.7, in some cases repair similar problems found in both applications.

The first set of shared critical issues is covered under CVE-2017-5375. If not patched, these problems could allow the bypass of Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protections. Next is CVE-2017-5376, which patches a use-after-free that occurs while manipulating XSL in XSLT documents, a problem in both applications. The last common flaw, CVE-2017-5374, covered memory corruption problems.

Firefox also had two separate critical memory corruption issues, CVE-2017-5374 and CVE-2017-5377, that were patched. The latter could result in an exploitable crash.

There were also six patches rated as “high” by Mozilla, three of which are shared between Firefox 51 and ESR 45.7. There were 10 “moderate” impact items, two of them shared. Finally, there were three low-priority fixes for Firefox.

