Mozilla
issued patches for Firefox 71 and Firefox ESR 68.3 fixing 11 high- and
moderate-rated vulnerabilities.
The majority
of the patches were shared between Firefox
71 and ESR 68.3
with Firefox 71 receiving an additional three fixes.
The most
severe of the shared patches are:
- CVE-2019-17008 is a use-after-free in
worker destruction issue that if attacked could lead to an exploitable crash. - CVE-2019-1372 only effects Windows and
can occur when setting a thread name on Windows in WebRTC, an incorrect number
of arguments could have been supplied, leading to stack corruption and a
potentially exploitable crash. - CVE-2019-11745: Out of bounds write
in NSS when encrypting with a block cipher can cause heap corruption and a
potentially exploitable crash. - CVE-2019-17012: Memory safety bugs that
if left unpatched could be exploited to run arbitrary code.
The security issues patched just in Firefox 71 were CVE-2019-17013, CVE-2019-11756 and CVE-2019-11703.
Gloss