Mozilla Firefox Released security updates that cover 2 critical vulnerabilities in Firefox 62.0.3 and Firefox ESR 60.2.2.
One of the remote code execution vulnerability allows a remote attacker to get access to the system and both vulnerabilities are categorized under a critical impact.
— US-CERT (@USCERT_gov) October 3, 2018
Firefox’s automatic update system checks for updates frequently and if it finds a new update, installs it automatically. Firefox users who have blocked automatic updates need to run a manual check for updates here Select Menu > Help > About Firefox.
Vulnerabilities in Firefox 62.0.3
This leads to remote code execution inside the sandboxed content process when triggered.
This vulnerability was reported by Niklas Baumstark, Samuel Groß, Bruno Keith via Beyond Security’s SecuriTeam.
Memory Address Leak Vulnerability: CVE-2018-12387
This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.
It was reported by Bruno Keith, Niklas Baumstark via Beyond Security’s SecuriTeam.