TTCSIRT-031.080917: TT-CSIRT Advisory – Mozilla Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR:
a) Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code.
b) A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
c) A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
d) A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
e) A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
Further information on these security updates can be found on the Mozilla Website at https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/ |