The Mozilla Foundation Security has released an advisory to patch critical vulnerabilities in Firefox and Firefox ESR products which could allow a remote attacker to take control of an affected system.

The Mozilla Foundation Security has released an advisory to patch critical vulnerabilities in Firefox and Firefox ESR products which could allow a remote attacker to take control of an affected system.

The vulnerabilities were patched in Firefox 60.0.2, ESR 60.0.2, and ESR 52.8.1 and were caused by a heap buffer overflow can occur in the Skia library when rasterising paths using a maliciously crafted SVG file with anti-aliasing turned off, according the security advisory.

The bug would result in a potentially exploitable crash, researchers said informing users to update their systems to address vulnerabilities in Firefox and Firefox ESR.

Last month, Mozilla rolled out its two-step authentication for all Firefox Accounts. The program was unique in that it was designed without support for SMS-based codes and was designed to work with the authentication of third party services such as Google Authenticator, Duo Mobile and Authy 2-Factor Authentication.

This article originally appeared at scmagazineuk.com



Source link

NO COMMENTS

LEAVE A REPLY