Home Hacking News Mozilla Released Firefox 67 While Fixing 24 Security Vulnerabilities

Mozilla Released Firefox 67 While Fixing 24 Security Vulnerabilities

by Abeerah Hashim
Firefox zero-day bugs

Mozilla has released the latest version of Firefox browsers with major security updates. Allegedly, the new Firefox 67 brings fixes for as much as 24 different security flaws. These include numerous high severity and critical bugs as well.

Major Security Fixes With Firefox 67

This week, Mozilla has rolled-out the latest browser version of Firefox. The Firefox 67 browser release carries fixes for numerous major security flaws.

As disclosed in Mozilla’s advisory, the vendors fixed two sets of critical memory safety bugs and numerous high-severity flaws. The critical ones include CVE-2019-9814 that affected Firefox browser and CVE-2019-9800 that affected both Firefox and Firefox ESR browsers. Mozilla presumed that some of these bugs, upon exploit, could allow running arbitrary codes.

Regarding the high-severity flaws, Mozilla fixed 11 different vulnerabilities in Firefox. A prominent one includes a Spectre-like vulnerability (CVE-2019-9815) targeting MacOS. To stay protected from this flaw, the Mac users must ensure they upgrade to macOS 10.14.5. Whereas it has also patched 6 use-after-free flaws and other security bugs. Among these, the CVE-2019-9818 (Use-after-free in crash generation server) only affected Windows users, while CVE-2019-11693 (Buffer overflow in WebGL bufferdata) affected Linux only. The other vulnerabilities could impact all users.

Other Security Patches

Other than the critical and high-severity flaws, the recent Firefox version also carries fixes for 6 moderate-severity bugs and 2 low-severity security flaws. Among the moderate ones, CVE-2019-11694 (Uninitialized memory leakage) and CVE-2019-11700 (opening known local files via res: protocol) affected Windows users only. Whereas, the low-severity bug CVE-2019-11701 (webcal: protocol default handler loads vulnerable web page) would only work for users with accounts on XSS vulnerable websites. The other users remained unaffected by the bug.

Mozilla has rolled out all the fixes in Firefox 67 and Firefox 60.7. They have also fixed some other security vulnerabilities typically affecting Firefox ESR with the latest version. The users of the respective browsers must ensure to keep their devices updated to prevent any mishaps.

Earlier this month, Mozilla released Firefox 60.4 to fix a severe conflict with add-ons that occurred due to expiry of digital certificates, in turn, disabling the add-ons.

Take your time to comment on this article.

You may also like