News

Firefox 66.0 Release – 5 critical vulnerabilities fixed!

Mozilla has released the next version of the Firefox browser – Firefox 66. In total, developers have eliminated 21 vulnerabilities, five of which received critical status, seven – a high degree of danger, another five – a medium degree of risk, the remaining 4 – a low one.

Among the critical gaps were noted “use-after-free” (CVE-2019-9790), which occurs when the pointer (raw pointer) to the DOM element is extracted via JavaScript, and the element is removed during use. This can lead to a fatal crash.

Two other critical issues affect the IonMonkey JavaScript JIT compiler (CVE-2019-9791 and CVE-2019-9792), they can also lead to a crash that an attacker can use. For example, IonMonkey can “merge” the internal “magic number” JS_OPTIMIZED_OUT, which can lead to memory corruption using JavaScript.

Among the high-risk vulnerabilities, CVE-2019-9793 can be distinguished – incorrect boundary checking with Specter patches disabled.

Also, the Mozilla team fixed the memory security bugs in Firefox 66 and Firefox ESR 60.6 — these problems were found by the Mozilla team itself.

Users are advised to install the new version of the browser as soon as possible.

https://www.mozilla.org/firefox/new/

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago