The Mozilla Foundation yesterday issued version 66 of Firefox and 60.6 of Firefox Extended Support Release (ESR), in the process patching 22 vulnerabilities between them, five of them critical.
Four of the five most severe flaws were found in both the standard and ESR versions of the web browser. This includes CVE-2019-9790, a use-after-free vulnerability that can occur when removing in-use DOM (Document Object Model) elements. Attackers can exploit this scenario, which was discovered by researcher Brandon Wieser, to intentionally cause a crash.
Two additional shared critical bugs were found in the IonMonkey JavaScript JIT compiler for SpiderMonkey. The first, a type confusion flaw (CVE-2019-9791), can enable arbitrary reading and writing of objects during an exploitable crash. The other, CVE-2019-9792, involves the leaking of a magic value to the running script, which can be leveraged to trigger memory corruption and ultimately a crash. Samuel Groß of Google Project Zero is credited with discovering both of these issues.
The final shared critical vulnerability consisted of a series of memory safety bugs (CVE-2019-9788) uncovered by Mozilla's developers and community. Another set of memory safety bugs (CVE-2019-9789) was found only in the standard version of Firefox.
The previous versions of Firefox and Firefox ESR also shared an additional four high-level flaws and one moderate-level bug. ESR also had one of its very own moderate vulnerabilities patched, while the latest standard version fixed an additional four moderate-level and four low-level bugs.