Mozilla released security updates to address vulnerabilities in Firefox and Firefox ESR that could allow a remote attacker to take control of an affected system.
"The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates," according to the 11 December US-CERT advisory.
Mozilla disclosed a total of 17 CVEs across the two advisories; three were rated critical and four were rated high.
The critical vulnerabilities all involved memory safety bugs in Firefox 64 and Firefox ESR 60.4. Other patches included fixes for a buffer overflow and out-of-bounds read in the ANGLE library with TextureStorage11, use-after-free bugs with select elements, and other buffer overflow flaws.
This article was originally published on SC Media US.