Categories: Security Updates

Multiple Critical Vulnerabilities Fixed With Firefox 62 and Firefox ESR 60.2

Mozilla Firefox 62 and Firefox ESR 60.2 covers multiple critical vulnerabilities with Firefox and Firefox ESR. These vulnerabilities allow a remote attacker to get access to the system.

Firefox ESR used system administrators in large organizations who want to manage their client desktops, including schools, businesses.

Mozilla Security Updates – Firefox 62

CVE-2018-12376: A memory corruption bug reported by Mozilla developers and community in Firefox 61 and Firefox ESR 60.1, which could be exploited by attackers to run arbitrary code. Now it has been fixed with Firefox 62 and Firefox ESR 60.2.

CVE-2018-12375: Another memory corruption bug in Firefox 61 which allows attackers to execute the arbitrary code. It has been fixed with Firefox 62.

CVE-2018-12377: The bug was reported by Nils in both Firefox and Firefox ESR, the use-after-free vulnerability resides in driver refresh timers. when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted and results in the crash. Now the vulnerability has been fixed with Firefox 62 and Firefox ESR 60.2.

CVE-2018-12378: The use-after-free vulnerability occurs if IndexedDB index is deleted when javascript is used, it could result in a potential crash. Now the vulnerability has been fixed with Firefox 62 and Firefox ESR 60.2.

CVE-2018-12379: The Mozilla updater uses a MAR file that usually has the shortcuts of reports created by the program, the bug resides in handling MAR format file which contains a very long item filename that triggers out-of-bounds write leads to a potentially exploitable crash. It has been fixed with the recent version of Firefox and Firefox ESR.

CVE-2017-16541: By using the automount feature with autofs the browser proxy settings can be bypassed by creating a local file system and the vulnerability has been fixed with Firefox 62 and Firefox ESR 60.2.

CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation, it affects both Firefox and Firefox ESR.

CVE-2018-12382: Address bar spoofing with javascript URI on Firefox for Android.

CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords.

Security Advisory for Firefox 62 and Firefox ESR 60.2 can be found here.

Also Read

Adobe Release Security Patches to Fix Critical Vulnerabilities for Adobe Photoshop

Apache Security Update that Covers Multiple Vulnerabilities With Tomcat Native

VMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal Fault

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials

A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom meeting…

51 minutes ago

New Hannibal Stealer Uses Stealth and Obfuscation to Evade Detection

A newly identified piece of malware, dubbed the "Hannibal Stealer," has emerged as a significant…

57 minutes ago

Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives

Advanced persistent threat (APT) groups with ties to China have become persistent players in the…

1 hour ago

Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base

Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR)…

1 hour ago

Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems

Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for…

3 hours ago

New Report Finds 67% of Organizations Experienced Cyber Attacks in the Last Year

A disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands, Germany,…

4 hours ago