Mozilla Firefox 59.0.1 released to fix two high risk vulnerabilities

Firefox 59.0.1 contains security fixes. Mozilla has not posted any Firefox 59.0.1 release notes. Before Mozilla releases updates, Firefox users need to wait for a while. However, this version is already on Mozilla’s FTP server; the download site is distributing it.

Two high riks vulnerabilities include:

• CVE-2018-5146: Out of bounds memory write in libvorbis

  REPORTER
  Richard Zhu via Trend Micro’s Zero Day Initiative

  IMPACT
  CRITICAL

  Description
  An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

• CVE-2018-5147: Out of bounds memory write in libtremor

  REPORTER
  Huzaifa Sidhpurwala

  IMPACT
  CRITICAL

  Description
  The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.

Source: Mozilla