March updates include two advisories from Mozilla, one for Firefox 74 and one for Firefox ESR 68.6, featuring 6 CVEs rated as high.
| Product | Title | CVE ID | Severity |
|---|---|---|---|
| Firefox 74 & Firefox ESR 68.6 | Use-after-free when removing data about origins | | High |
| Firefox 74 & Firefox ESR 68.6 | BodyStream::OnInputStreamReady was missing protections against state confusion | | High |
| Firefox 74 & Firefox ESR 68.6 | Use-after-free in cubeb during stream destruction | | High |
| Firefox 74 | URL spoofing via javascript: URL | | Medium |
| Firefox 74 | Web Extensions with the all-urls permission could access local files | | Medium |
| Firefox 74 | Focusing a popup while in fullscreen could have obscured the fullscreen notification | | Medium |
| Firefox 74 & Firefox ESR 68.6 | Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection | | Medium |
| Firefox 74 & Firefox ESR 68.6 | Out-of-bounds reads in sctp_load_addresses_from_init | | Medium |
| Firefox 74 & Firefox ESR 68.6 | The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission | | Medium |
| Firefox 74 | @import statements in CSS could bypass the Content Security Policy nonce feature | | Low |
| Firefox 74 & Firefox ESR 68.6 | Memory safety bugs fixed | | High |
| Firefox 74 | Memory and script safety bugs fixed | | High |
Resolution:
Here's the list of patch IDs to resolve the aforementioned vulnerabilities:
313279 - Mozilla Firefox (74.0)
313280 - Mozilla Firefox (x64) (74.0)
313281 - Mozilla Firefox ESR (68.6.0)
313282 - Mozilla Firefox ESR (x64) (68.6.0)