Description:

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by XUL injection, use-after-free error, memory safety bugs, buffer overflow, out-of-bounds read, domain hijacking, same-origin policy bypass, and memory protections bypass, etc. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.

Affected Systems:

• Firefox prior to version 55
• Firefox ESR prior to version 52.3

Impact:

A successful attack could lead to allow arbitrary code execution, memory corruption, information disclosure, spoofing or application crash on an affected system.

Recommendation:

Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:

• Firefox 55 for Windows, Macintosh and Linux
  https://www.mozilla.org/en-US/firefox/all/
  
  
• Firefox ESR 52.3 for Windows, Macintosh and Linux
  https://www.mozilla.org/en-US/firefox/organizations/all/
  
  

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/
https://www.hkcert.org/my_url/en/alert/17080903
https://www.us-cert.gov/ncas/current-activity/2017/08/08/Mozilla-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779 (to CVE-2017-7792)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7796 (to CVE-2017-7804)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7806 (to CVE-2017-7809)