Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-031.080917: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR:

a) The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code.

b) A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.

c) A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.

d) A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.

e) A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.

Further information on these security updates can be found on the Mozilla website at https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/