Mozilla Releases Firefox Security Updates

Yesterday Mozilla made available unscheduled security updates for Firefox 40 and Firefox ESR (Extended Support Release) 38.2.

These updates resolve 2 CVEs (CVE, defined) (1x critical severity, 1x high severity). The high severity issue concerned a possible means of forging where an add-on for Firefox was being installed from and an issue where the permission to install prompt that is supposed to appear would not do so. This could have been used to deceive a user into trusting an add-on more than they should (since the add-on would appear to come from a trusted site) and could have allowed malicious add-ons to be installed without permission.

The critical issue being addressed was a use-after-free vulnerability (use-after-free, defined) that was reported to Mozilla by 2 distinct sources.

Further details of these updates (and the issues mentioned above) are available for Firefox 40.0.3 and Firefox ESR 38.2.1. If Firefox is installed on any computer that you use, please install the appropriate updates as soon as possible. Details of how to install updates for Firefox are here.

Mozilla Firefox updates generally install without issues, however as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s