Firefox 50 Fixes Security Issues

Thursday, November 17, 2016 @ 02:11 PM gHale


Mozilla released Firefox 50, which includes fixes for 27 vulnerabilities.

Of the vulnerabilities, three were rated critical, 12 high, 10 moderate, and two low severity.


Two of the critical issues involve memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5.

“Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code,” Mozilla developers said.

The third critical issue is a heap buffer overflow that could lead to a potentially exploitable crash.

The high severity issues include:
• One that could allow a malicious extension to install additional extensions without explicit user permission
• One that could allow an attacker to perform a man-in-the-middle attack on the user’s connection to the update server and defeat the certificate pinning protection, allowing the attacker to provide a malicious signed add-on instead of a valid update
• One that could allow attackers to spoof the location bar in Firefox for Android
• Several that could lead to potentially exploitable crashes

Firefox ESR 45.5 was also released, and it shares a number of the Firefox fixes.

The difference between the two products is that Firefox is for users who want the latest features, performance enhancements and technologies in their browsing experience, while Firefox ESR is meant for organizations that manage their client desktops, including schools, businesses and other institutions that want to offer Firefox.

Users should update their installations as soon as possible. The next update will be released December 13.


