Mozilla Firefox / Firefox ESR Arbitrary Code Execution Vulnerability
Bug #1903677 reported by
it0001
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| firefox (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
A use-after-free error related to the MCallGetProperty opcode can be exploited to execute arbitrary code.
The vulnerability is reported in Mozilla Firefox versions prior to 82.0.3 and in Mozilla Firefox ESR versions prior to 78.4.1.
Affected Software
The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.
Mozilla Firefox 78.x
Mozilla Firefox 82.x
Update to a fixed version.
Mozilla Firefox:
Update to version 82.0.3.
Mozilla Firefox ESR:
Update to version 78.4.1.
References
1. https:/
Please provide a patch as soon as possible.
Revision history for this message
| Alex Murray (alexmurray) wrote | #1 |
| Changed in firefox (Ubuntu): | |
| status: | New → Fix Released |
| information type: | Private Security → Public Security |
To post a comment you must log in.
firefox 82.0.3 was released for xenial, bionic, focal, groovy and hirsute yesterday.