Mozilla Patches Firefox Holes

Friday, October 21, 2016 @ 03:10 PM gHale


Mozilla pushed out two security patches for Firefox Thursday that could have a high impact on browser users.

Mozilla officials said the vulnerabilities ended up fixed in version 49.0.2.

RELATED STORIES
Browsers Eyed by Malicious Script
Ransomware Decryption Tool Releases
Ransomware Changes Extension
Awareness on Rise, Bad Habits Thrive

The first vulnerability, CVE-2016-5287, was “a potential exploitable use-after-free crash during actor destruction with service workers,” according to the patch report. It does not affect release version earlier than Firefox 49.

The second, CVE-2016-5288, ended up discovered by a Cliqz.com developer who showed web content could access information in the HTTP cache if e10s is disabled.

This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49.



Leave a Reply

You must be logged in to post a comment.