Jump to content

Mozilla Fixes 32 Vulnerabilities in Firefox 54


RV_

Recommended Posts

I now use Firefox and have the settings set to automatically update but for the last two version updates I had to do manually?

Excerpt:

"Mozilla fixed 32 vulnerabilities, including a critical bug that could have resulted in a crash, with the release Tuesday of Firefox 54, the latest version of its flagship browser.

The critical bug, a use-after-free vulnerability, was dug up by longtime bug hunter Nils. The vulnerability (CVE-2017-5472) existed in the browser’s frameloader. Nils encountered the vulnerability during tree reconstruction while regenerating CSS layout. The researcher discovered that while attempting to access a node in the tree that didn’t exist, he could trigger a potentially exploitable crash.

The update also resolved a dozen vulnerabilities considered high impact by Mozilla, including three additional use-after-free bugs; one during video control operations, one in content viewer, and one during docshell reloading. While all of the vulnerabilities also could’ve resulted in a crash of the browser, Mozilla deemed them less serious than CVE-2017-5472.

Some of the vulnerabilities were specific to certain setups. One, CVE-2017-7759, could have allowed for the reading of local data by violating same origin policy – but only on Firefox for Android.

Another vulnerability (CVE-2017-7755) could have allowed privilege escalation via the Firefox installer – but only on Windows operating systems. That bug, discovered by Yuji Tounai, a Tokyo-based researcher with NTT Communications, could have enabled Firefox’s installer to load malicious DLL files stored in the same directory as the installer. An additional, separate Windows-specific issue also affected the browser’s installer. That bug, discovered by security researcher Holger Fuhrmannek, could have allowed manipulation of files stored in the installer’s directory and in turn, like Tounai’s issue, allowed privilege escalation."

Source with more: https://threatpost.com/mozilla-fixes-32-vulnerabilities-in-firefox-54/126278/

OK so how do you manually update? Go here and follow the directions and bada bing! Firefox 54!:

https://threatpost.com/mozilla-fixes-32-vulnerabilities-in-firefox-54/126278/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...