Patch Management

Mozilla patches 11 vulnerabilities in Firefox 71 and ESR 68.3

December 5, 2019
  • CVE-2019-17008 is a use-after-free in worker destruction issue that if attacked could lead to an exploitable crash.
  • CVE-2019-1372 only effects Windows and can occur when setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash.
  • CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher can cause heap corruption and a potentially exploitable crash.
  • CVE-2019-17012: Memory safety bugs that if left unpatched could be exploited to run arbitrary code.
prestitial ad