Geeks for your information News Browsers News & Tips v
Firefox 82.0.3, Firefox 78.4.1 and Thunderbird 78.4.2 patch a critical security issue
Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Firefox 82.0.3, Firefox 78.4.1 and Thunderbird 78.4.2 patch a critical security issue
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 12,793
Threads: 8,839
Thanks Received: 8,732 in 6,893 posts
Thanks Given: 9,633
Joined: 12 September 18
#1
Information  10 November 20, 06:48 (This post was last modified: 10 November 20, 06:52 by harlan4096.)
Quote:
[Image: mozilla-firefox-82.0.3.png]

Mozilla has released new stable versions of the Firefox web browser and the team behind the Thunderbird email client has released a new stable version to address a critical security vulnerability.

Firefox 82.0.3 and Firefox 78.4.1 ESR are already available. Firefox users may select Menu > Help > About Firefox to run a manual check for updates to download and install the new version automatically.

Thunderbird users may select Help > About Thunderbird in the client to get the new version downloaded and installed. Both menus display the current version that is installed on the system, which can be used to verify that the update is installed.

[Image: thunderbird-78.4.2.png]

The Firefox 82.0.3 release notes and the Thunderbird 78.4.2 release notes list a security fix as the only change in the release. Both link to the official Mozilla Security website.

Mozilla Foundation Security Advisory 2020-49 reveals that the security issue that is fixed in the new versions of the browser and email client has received the highest severity rating critical.

It was revealed during the Tianfu Cup 2020 International Cybersecurity Contest held on November 7 and November 8, 2020. The contest is China's version of the Pwn2Own contest featuring security speeches, demonstrations, and a wide assortment of targets to be hacked.

Among the targets were all major browsers, Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox, as well as other popular applications such as Adobe PDF Reader, VMWare Workstation, Ubuntu, Apple's iPhone 11 Pro with iOS 14, Samsung's Galaxy S20, Windows 10 version 2004, and other systems.

The successful exploit of a vulnerability in Firefox brought the issue to Mozilla's attention. Thunderbird and Firefox share a codebase, and that is why Thunderbird is also affected by the vulnerability.

Mozilla's public description of the vulnerability:
 
Quote:CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.

Mozilla reacted quickly and has produced a patch to fix the issue in all current versions of the Firefox web browser and Thunderbird.

Firefox and Thunderbird users should consider updating their browsers and email clients to the new version as quickly as possible.

The next stable version of Firefox will be released on November 17, 2020.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Malwarebytes 5.1.3.110
Malwarebytes 5.1.3...Mohammad.Poorya — 00:51
Music Videos
Billy Joel - The Riv...jAcos — 17:24
Movies! Movies!
Beverly Hills Cop: A...jAcos — 17:22
TV Series
Matlock Kathy Bat...jAcos — 17:16
F-Secure 19.4
What's new in the ...harlan4096 — 09:44

[-]
Birthdays
Today's Birthdays
avatar (42)techlignub
avatar (41)Stevenmam
avatar (48)onlinbah
Upcoming Birthdays
avatar (43)wapedDow
avatar (49)steakelask
avatar (43)Termoplenka
avatar (41)bycoPaist
avatar (47)pieloKat
avatar (41)ilyagNeexy
avatar (49)donitascene
avatar (49)Toligo

[-]
Online Staff
There are no staff members currently online.

>