Mozilla pushed out two security patches for Firefox Thursday that could have a high impact on browser users.
Mozilla officials said the vulnerabilities ended up fixed in version 49.0.2.
The first vulnerability, CVE-2016-5287, was “a potential exploitable use-after-free crash during actor destruction with service workers,” according to the patch report. It does not affect release version earlier than Firefox 49.
The second, CVE-2016-5288, ended up discovered by a Cliqz.com developer who showed web content could access information in the HTTP cache if e10s is disabled.
This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49.