Mozilla Firefox 59.0.1 released to fix two high risk vulnerabilities
Firefox 59.0.1 contains security fixes. Mozilla has not posted any Firefox 59.0.1 release notes. Before Mozilla releases updates, Firefox users need to wait for a while. However, this version is already on Mozilla’s FTP server; the download site is distributing it.
Two high riks vulnerabilities include:
- CVE-2018-5146: Out of bounds memory write in libvorbis
REPORTER
Richard Zhu via Trend Micro’s Zero Day Initiative
- IMPACT
CRITICALDescription
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.- CVE-2018-5147: Out of bounds memory write in libtremor
REPORTER
Huzaifa SidhpurwalaIMPACT
CRITICALDescription
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.
Source: Mozilla