Security Alert (A19-03-04): Multiple Vulnerabilities in Firefox


 

Published on: 20 March 2019

Description:

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. A remote attacker could entice a user running a vulnerable browser to open a web page with specially crafted content to exploit the vulnerabilities.

 

Affected Systems:

  • Firefox prior to version 66
  • Firefox ESR prior to version 60.6

 

Impact:

Successful exploitation of the vulnerabilities could lead to man-in-the-middle (MITM) attack, arbitrary code execution, application crash, or information disclosure on an affected system.

 

Recommendation:

Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:

  • Firefox 66 for Windows, Macintosh and Linux
    https://www.mozilla.org/en-US/firefox/all/

  • Firefox ESR 60.6 for Windows, Macintosh and Linux
    https://www.mozilla.org/en-US/firefox/organizations/all/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
https://www.hkcert.org/my_url/en/alert/19032001
https://www.us-cert.gov/ncas/current-activity/2019/03/19/Mozilla-Releases-Security-Updates-Firefox
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788 (to CVE-2019-9799)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9801 (to CVE-2019-9809)

 



Tag: Mozilla , Firefox
Tags