Security Alert (A15-09-04): Multiple Vulnerabilities in Firefox
23 September 2015
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflow or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
Firefox prior to version 41
Firefox ESR 38.x prior to version 38.3 (Firefox ESR 31.x could also be affected but it has reached end-of-support)
Depending on the vulnerability exploited, a successful attack could lead to application crash or arbitrary code execution on an affected system.
Mozilla has released new versions of the products to address the issues and they can be downloaded at the following URLs:
Firefox 41 for Windows, Macintosh and Linux http://www.mozilla.org/en-US/firefox/all.html
Firefox ESR 38.3 for Windows, Macintosh and Linux http://www.mozilla.org/en-US/firefox/organizations/all/
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
Users of Firefox ESR 31.8 should be reminded that the product has reached end-of-support on 11 Aug 2015 and there will not be any patches available. Users should consider upgrading to newer versions for protections.