Mozilla has just released Firefox 66.0.1 and Firefox 60.6.1 ESR to the public. The two new versions of Firefox patch critical security vulnerabilities in the web browser.
Firefox users should receive the updates automatically if automatic updates are turned on in the browser (which they are by default). The new versions are also available as standalone downloads from Mozilla's official website.
Firefox users may select Menu > Help > About Firefox to run a manual check for updates and download the new version immediately. It takes a while, as Firefox does not run real-time update checks.
Firefox 66.0.1 and Firefox 60.6.1 ESR
Mozilla patched two critical security vulnerabilities in Firefox 66.0.1 and Firefox 60.6.1 ESR (Extended Support Release).
The vulnerabilities are listed on the official Firefox Security Advisories website:
CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
Additional information is not provided at this time; the linked bug listings are blocked from the public.
The two researchers who discovered the vulnerabilities are Richard Zhu and Amat Cama, and it is probably no coincidence that the researchers attacked Firefox successfully in this year's Pwn2Own competition.
The security researchers managed to use an exploit in Firefox to execute code at the system level if a user visited a specially prepared website.
They leveraged a JIT bug in the browser, then used an out-of-bounds write in the Windows kernel to effectively take over the system. They were able to execute code at SYSTEM level just by using Firefox to visit their specially crafted website.
The competition saw another successful attack targeting Firefox. Niklas Baumstark exploited a JIT bug in Firefox to escape the sandbox, which would allow an attacker to run code on the machine with the same permissions as the signed-in user.
He used a JIT bug in the browser followed by a logic bug to escape the sandbox. In a real-world scenario, an attacker could use this to run their code on a target system at the level of the logged-on user.
It is recommended to update to the new patched versions of Firefox to protect the browser and underlying system from attacks targeting these vulnerabilities.
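For administrators who need to confirm the update across several machines, the following added example (not part of the original article or Mozilla's tooling) classifies reported Firefox version strings against the two patched releases named above. It assumes version strings in the form printed by `firefox --version`, with ESR builds carrying an `esr` suffix; the host names and inventory are constructed.

```python
import re

# Patched versions named in the article, keyed by update channel.
PATCHED = {"release": (66, 0, 1), "esr": (60, 6, 1)}

# Matches "66.0", "66.0.1" or "60.6.1esr". Pre-release strings such as
# "67.0b3" deliberately do not match and are reported as unknown.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)


def parse_version(text):
    """Return (channel, (major, minor, patch)), or None if unparseable."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch, esr = match.groups()
    channel = "esr" if esr else "release"
    # A missing third component ("66.0") is treated as patch level 0.
    return channel, (int(major), int(minor), int(patch or 0))


def patch_status(text):
    """Classify a version string as 'patched', 'outdated' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    channel, version = parsed
    return "patched" if version >= PATCHED[channel] else "outdated"


def hosts_to_update(inventory):
    """Hosts that predate the patched release or could not be classified."""
    return sorted(h for h, v in inventory.items() if patch_status(v) != "patched")


# Constructed inventory: host name -> output of `firefox --version`.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 66.0",
    "ws-02": "Mozilla Firefox 66.0.1",
    "ws-03": "Mozilla Firefox 60.6.0esr",
    "ws-04": "Mozilla Firefox 60.6.1esr",
    "ws-05": "Mozilla Firefox 67.0b3",  # pre-release: needs manual review
}

if __name__ == "__main__":
    for host, reported in SAMPLE_INVENTORY.items():
        print(f"{host}: {reported!r} -> {patch_status(reported)}")
    print("needs attention:", hosts_to_update(SAMPLE_INVENTORY))
```

Hosts reported as unknown are included in the follow-up list so that unparseable or pre-release builds get checked by hand rather than silently passing.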