Mozilla Fixes Holes in Firefox

Wednesday, January 30, 2019 @ 11:01 AM gHale

Mozilla released security updates to address vulnerabilities in the Firefox and Firefox ESR browsers that an attacker could exploit to take control of an affected system.

The updates address three critical, three high and one moderate vulnerability in Firefox 65, while Firefox ESR 60.5 fixes two critical vulnerabilities and one high.


The critical issues in Firefox 65 include a use-after-free in HTML5 stream parsing (CVE-2018-18500), which can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.

In addition, there are memory safety bugs (CVE-2018-18502), some of which showed evidence of memory corruption that could be exploited to run arbitrary code.

Also, in common with ESR 60.5, there are additional memory safety bugs (CVE-2018-18501) that could be exploited to run arbitrary code.

In ESR 60.5, the other critical fix is the use-after-free in HTML5 stream parsing (CVE-2018-18500), which can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.


