Firefox 66 Released: Five Critical Vulnerabilities Fixed

Mozilla has released a new version of its browser, Firefox 66. In total, the developers have fixed 21 vulnerabilities: five of them were classified as critical, seven as high risk, five as medium risk, and the remaining four as low risk.

Details on Critical Vulnerabilities

  • Use-After-Free Vulnerability (CVE-2019-9790): This issue occurs when a raw pointer to a DOM element is obtained via JavaScript, but the element is deleted while still in use. This can lead to a fatal crash.
  • JavaScript JIT Compiler IonMonkey Bugs (CVE-2019-9791 and CVE-2019-9792): These two critical bugs affect the IonMonkey JavaScript JIT compiler. They can also cause crashes that could be exploited by attackers. For example, IonMonkey might leak the internal “magic number” JS_OPTIMIZED_OUT, which could lead to memory corruption via JavaScript.

Other Notable Vulnerabilities

Among the high-risk vulnerabilities, CVE-2019-9793 stands out. It involves improper boundary checking when Spectre patches are disabled.

The Mozilla team also fixed memory safety bugs in both Firefox 66 and Firefox ESR 60.6. These issues were discovered by Mozilla’s own security team.

Update Recommendation

Users are strongly advised to install the new version of Firefox as soon as possible to ensure their security.
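
A fleet check for the recommendation above, as an added example that is not part of the original article: it classifies `firefox --version` output against the fixed versions the article names (Firefox 66 and Firefox ESR 60.6). The host names and version lines are constructed sample data, and flagging pre-release builds for manual review is an assumption of this example.

```python
import re

# Fixed versions named in the article: Firefox 66 and Firefox ESR 60.6.
FIXED_RELEASE = (66, 0)
FIXED_ESR = (60, 6)

# Accepts lines such as "Mozilla Firefox 65.0.2", "Mozilla Firefox 60.5.1esr"
# and "Mozilla Firefox 66.0b3" (alpha/beta suffix).
_VERSION_RE = re.compile(
    r"Firefox\s+(\d+)\.(\d+)(?:\.(\d+))?(esr|[ab]\d+)?\b", re.IGNORECASE
)


def classify(version_line):
    """Return 'patched', 'vulnerable', 'review' or 'unknown' for one version line."""
    m = _VERSION_RE.search(version_line)
    if not m:
        return "unknown"  # not Firefox output, or a format we do not recognise
    version = (int(m.group(1)), int(m.group(2)))
    suffix = (m.group(4) or "").lower()
    if suffix == "esr":
        return "patched" if version >= FIXED_ESR else "vulnerable"
    if suffix:
        # Assumption: alpha/beta builds are not trusted to carry the fixes.
        return "review"
    return "patched" if version >= FIXED_RELEASE else "vulnerable"


def hosts_needing_action(inventory):
    """Map host -> status for every host that is not confirmed patched."""
    result = {}
    for host, line in inventory.items():
        status = classify(line)
        if status != "patched":
            result[host] = status
    return result


# Constructed sample inventory (host -> output of `firefox --version`).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 65.0.2",
    "ws-02": "Mozilla Firefox 66.0",
    "ws-03": "Mozilla Firefox 60.5.1esr",
    "ws-04": "Mozilla Firefox 60.6.0esr",
    "ws-05": "Mozilla Firefox 66.0b3",
    "ws-06": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(hosts_needing_action(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```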