
Mozilla Pushes Out 13 Firefox Patches: Google Credited with Two

Patches fix everything from memory out-of-bounds to use-after-free bugs

By Claudia Glover

Twelve high-priority bugs in Mozilla Firefox’s software have been patched today, and Google’s Project Zero found two of them.

Mozilla’s fixes came as part of “Patch Tuesday”, a monthly update of software security fixes pushed out by firms including Adobe and Microsoft.

Sergei Glazunov, a software engineer at Google, uncovered one security flaw that, if left unchecked, could lead to potentially exploitable memory corruption followed by the immediate crashing of the device.

Another Google engineer, Natalie Silvanovich, uncovered a flaw that could result in an out-of-bounds read, where hackers can potentially read sensitive information from other memory locations, or cause a crash.

The rest of the patches, spanning Firefox 74 and 7 for Firefox ESR68.6, were a mixed bag, as Jay Goodman at Automox noted, “correcting everything from memory out-of-bounds to use-after-free bugs, with a few standouts.”

He added: “While none have been seen exploited in the wild yet, the time to weaponization averages seven days. And with Firefox’s increasing market growth in the enterprise market, leaving any devices unpatched could lead to a security incident.”

Glazunov and Silvanovich both work for Google’s Project Zero, formed in 2014, which is tasked with finding and reporting zero-day security vulnerabilities.

In all, of the 13 bugs patched within Mozilla’s software, six have been deemed a high security risk for users.

The full list of CVEs is here.
