News

Firefox 66.0 Release – 5 critical vulnerabilities fixed!

Mozilla has released the next version of the Firefox browser – Firefox 66. In total, developers have eliminated 21 vulnerabilities, five of which received critical status, seven – a high degree of danger, another five – a medium degree of risk, the remaining 4 – a low one.

Among the critical gaps were noted “use-after-free” (CVE-2019-9790), which occurs when the pointer (raw pointer) to the DOM element is extracted via JavaScript, and the element is removed during use. This can lead to a fatal crash.

Two other critical issues affect the IonMonkey JavaScript JIT compiler (CVE-2019-9791 and CVE-2019-9792), they can also lead to a crash that an attacker can use. For example, IonMonkey can “merge” the internal “magic number” JS_OPTIMIZED_OUT, which can lead to memory corruption using JavaScript.

Among the high-risk vulnerabilities, CVE-2019-9793 can be distinguished – incorrect boundary checking with Specter patches disabled.

Also, the Mozilla team fixed the memory security bugs in Firefox 66 and Firefox ESR 60.6 — these problems were found by the Mozilla team itself.
firefox 66

Users are advised to install the new version of the browser as soon as possible.

https://www.mozilla.org/firefox/new/

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button