Description:

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. A remote attacker could entice a user running a vulnerable browser to open a web page with specially crafted content to exploit the vulnerabilities.

Affected Systems:

• Firefox prior to version 65.0.1
• Firefox ESR prior to version 60.5.1

Impact:

Successful exploitation of the vulnerabilities could lead to application crash on an affected system.

Recommendation:

Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:

• Firefox 65.0.1 for Windows, Macintosh and Linux
  https://www.mozilla.org/en-US/firefox/all/
  
  
• Firefox ESR 60.5.1 for Windows, Macintosh and Linux
  https://www.mozilla.org/en-US/firefox/organizations/all/
  
  

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
https://www.hkcert.org/my_url/en/alert/19021303
https://www.us-cert.gov/ncas/current-activity/2019/02/12/Mozilla-Releases-Security-Updates-Firefox
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785