Your one-stop web resource providing safety and security information to manufacturers

Mozilla released security updates to address vulnerabilities in Firefox and Firefox ESR, where an attacker could take control of an affected system.

The Firefox 66 web browser and Firefox ESR 60.6 released for all supported platforms.

RELATED STORIES
Chrome Update Released
Chrome Zero Day Fixed in Latest Release
Fix Coming for Chrome Zero Day
Google Releases Multiple Fixes for Chrome

Firefox 66 and ESR 60.6 patched critical vulnerabilities among others.

In one patched vulnerability, there was a use-after-free issue that could occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.

Cyber Security

In addition, there was a type inference system allowed the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allowed for possible arbitrary reading and writing of objects during an exploitable crash.

Also, the IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash.

In addition, there were critical memory safety bugs fixed.

Pin It on Pinterest

Share This