News

Firefox 66.0 Release – 5 critical vulnerabilities fixed!

Mozilla has released the next version of the Firefox browser – Firefox 66. In total, developers have eliminated 21 vulnerabilities, five of which received critical status, seven – a high degree of danger, another five – a medium degree of risk, the remaining 4 – a low one.

Among the critical gaps were noted “use-after-free” (CVE-2019-9790), which occurs when the pointer (raw pointer) to the DOM element is extracted via JavaScript, and the element is removed during use. This can lead to a fatal crash.

Two other critical issues affect the IonMonkey JavaScript JIT compiler (CVE-2019-9791 and CVE-2019-9792), they can also lead to a crash that an attacker can use. For example, IonMonkey can “merge” the internal “magic number” JS_OPTIMIZED_OUT, which can lead to memory corruption using JavaScript.

Among the high-risk vulnerabilities, CVE-2019-9793 can be distinguished – incorrect boundary checking with Specter patches disabled.

Also, the Mozilla team fixed the memory security bugs in Firefox 66 and Firefox ESR 60.6 — these problems were found by the Mozilla team itself.

Users are advised to install the new version of the browser as soon as possible.

https://www.mozilla.org/firefox/new/

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-xbuhoxu.store pop-up ads (Virus Removal Guide)

News-xbuhoxu.store is a domain that tries to force you into subscribing to its browser notifications…

10 hours ago

Remove News-xbadeyo.today pop-up ads (Virus Removal Guide)

News-xbadeyo.today is a site that tries to force you into clik to its browser notifications…

10 hours ago

Remove News-bbutohu.info pop-up ads (Virus Removal Guide)

News-bbutohu.info is a site that tries to trick you into clik to its browser notifications…

11 hours ago

Remove News-bbucoxe.today pop-up ads (Virus Removal Guide)

News-bbucoxe.today is a domain that tries to force you into clik to its browser notifications…

11 hours ago

Remove News-xdetake.cc pop-up ads (Virus Removal Guide)

News-xdetake.cc is a domain that tries to force you into clik to its browser notifications…

14 hours ago

Remove News-bbufiya.today pop-up ads (Virus Removal Guide)

News-bbufiya.today is a domain that tries to force you into subscribing to its browser notifications…

14 hours ago