Mozilla patches 11 vulnerabilities in Firefox 71 and ESR 68.3

Mozilla issued patches for Firefox 71 and Firefox ESR 68.3 fixing 11 high- and moderate-rated vulnerabilities.

The majority of the patches were shared between Firefox 71 and ESR 68.3, with Firefox 71 receiving an additional three fixes.

The most severe of the shared patches are:

  • CVE-2019-17008: A use-after-free issue in worker destruction that, if attacked, could lead to an exploitable crash.
  • CVE-2019-1372: Affects only Windows. When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash.
  • CVE-2019-11745: An out-of-bounds write in NSS when encrypting with a block cipher can cause heap corruption and a potentially exploitable crash.
  • CVE-2019-17012: Memory safety bugs that, if left unpatched, could be exploited to run arbitrary code.

The security issues patched just in Firefox 71 were CVE-2019-17013, CVE-2019-11756 and CVE-2019-11703.
