Wednesday, April 30, 2025
Follow us On Linkedin
HomeSecurity UpdatesMultiple Critical Vulnerabilities Fixed With Firefox 62 and Firefox ESR 60.2

Multiple Critical Vulnerabilities Fixed With Firefox 62 and Firefox ESR 60.2

Security Updates

Published on

By Gurubaran
Multiple Critical Vulnerabilities Fixed With Firefox 62 and Firefox ESR 60.2

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Mozilla Firefox 62 and Firefox ESR 60.2 covers multiple critical vulnerabilities with Firefox and Firefox ESR. These vulnerabilities allow a remote attacker to get access to the system.

Firefox ESR used system administrators in large organizations who want to manage their client desktops, including schools, businesses.

Mozilla Security Updates – Firefox 62

CVE-2018-12376: A memory corruption bug reported by Mozilla developers and community in Firefox 61 and Firefox ESR 60.1, which could be exploited by attackers to run arbitrary code. Now it has been fixed with Firefox 62 and Firefox ESR 60.2.

- Advertisement - Google News

CVE-2018-12375: Another memory corruption bug in Firefox 61 which allows attackers to execute the arbitrary code. It has been fixed with Firefox 62.

CVE-2018-12377: The bug was reported by Nils in both Firefox and Firefox ESR, the use-after-free vulnerability resides in driver refresh timers. when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted and results in the crash. Now the vulnerability has been fixed with Firefox 62 and Firefox ESR 60.2.

CVE-2018-12378: The use-after-free vulnerability occurs if IndexedDB index is deleted when javascript is used, it could result in a potential crash. Now the vulnerability has been fixed with Firefox 62 and Firefox ESR 60.2.

CVE-2018-12379: The Mozilla updater uses a MAR file that usually has the shortcuts of reports created by the program, the bug resides in handling MAR format file which contains a very long item filename that triggers out-of-bounds write leads to a potentially exploitable crash. It has been fixed with the recent version of Firefox and Firefox ESR.

CVE-2017-16541: By using the automount feature with autofs the browser proxy settings can be bypassed by creating a local file system and the vulnerability has been fixed with Firefox 62 and Firefox ESR 60.2.

CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation, it affects both Firefox and Firefox ESR.

CVE-2018-12382: Address bar spoofing with javascript URI on Firefox for Android.

CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords.

Security Advisory for Firefox 62 and Firefox ESR 60.2 can be found here.

Also Read

Adobe Release Security Patches to Fix Critical Vulnerabilities for Adobe Photoshop

Apache Security Update that Covers Multiple Vulnerabilities With Tomcat Native

VMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal Fault

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cyber Security News

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...
Cyber Attack

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...
Cyber Attack

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...
cryptocurrency

Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

cyber security

Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE Vulnerabilities

Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing...
Cyber Security News

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...
CVE/vulnerability

Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw

Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing)...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved