Mozilla rolled out another large security update patching a total of 11 vulnerabilities between Firefox 76 and Firefox ESR 68.8.The three critical issue (CVE-2020-12387, CVE-2020-12388 and CVE-2020-12395) are shared between the Firefox 76 and ESR 68.8.The first critical flaw found in both products is a Use-after-free during worker shutdown that can be used to create a potentially exploitable crash. The second is due to Firefox content processes that does not sufficiently lockdown access control which could result in a sandbox escape. The third are memory safety bugs that is believed could result in arbitrary code being run.The remaining issues were rated high, medium and low. This included CVE-2020-12389, CVE-2020-6831, CVE-2020-12392, CVE-2020-12393 for both products.Just affecting Firefox 76 were CVE-2020-12390, CVE-2020-12391 and CVE-2020-12394.
Patch/Configuration Management, Vulnerability Management
Mozilla patches three critical vulnerabilities in Firefox
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds