Mozilla has released Firefox 67, Firefox ESR 60.7 and Thunderbird 60.7 to address multiple vulnerabilities.
Firefox 67 includes fixes for two (2) critical and 11 high severity vulnerabilities, as well as 6 moderate and 1 low severity bugs.
As noted in the advisory, the two critical bugs patched include:
- Memory safety bugs fixed in Firefox 67 (CVE-2019-9814)
- Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800).
“Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code,” Mozilla warned.
“In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts,” Mozilla noted.
Users and administrators should review the Mozilla advisories and apply the necessary security updates.