Firefox 59.0.1 contains security fixes. Mozilla has not posted any release notes for Firefox 59.0.1, and Firefox users will need to wait a while before Mozilla releases the update. However, this version is already on Mozilla’s FTP server, and the download site is distributing it.
The two high-risk vulnerabilities are:
- CVE-2018-5146: Out of bounds memory write in libvorbis
  - Reporter: Richard Zhu via Trend Micro’s Zero Day Initiative
  - Impact: Critical
  - Description: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
- CVE-2018-5147: Out of bounds memory write in libtremor
  - Reporter: Huzaifa Sidhpurwala
  - Impact: Critical
  - Description: The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.
Source: Mozilla