Firefox Fixed Just After Update

Monday, March 25, 2019 @ 03:03 PM gHale

After releasing a security update one week ago, Mozilla issued a fix for its Firefox 66 web browser to handle two critical security holes.

Firefox 66.0.1 is now available, just after the release of Firefox 66.0, to patch CVE-2019-9810 and CVE-2019-9813.

Mozilla Releases Security Updates for Firefox
Chrome Update Released
Chrome Zero Day Fixed in Latest Release
Fix Coming for Chrome Zero Day

Mozilla released the fix Friday for CVE-2019-9810, which is a buffer overflow issue and missing bounds check flaw in the Firefox 66.0 release due to incorrect alias information in the IonMonkey JIT compiler for the Array.prototype.slice method.

The other issue, CVE-2019-9813, describes a type confusion issue in the IonMonkey JIT code affecting the Firefox 66.0 release that may let attackers read and write arbitrary memory, which was possible due to incorrect handling of __proto__ mutations.

Mozilla marked both issues as critical and recommended all Firefox users to update to the Firefox 66.0.1 point release as soon as possible. Firefox 66.0.1 is already rolling out to Windows and macOS platforms.

GNU/Linux users will have to install Firefox 66.0.1 from the stable software repositories.

Leave a Reply

You must be logged in to post a comment.