Mozilla has released its latest Firefox 69 update browser version, which by default blocks third-party cookies and crypto miners and disables default support for Adobe Flash Player. The Firefox 69 update also comes with a batch of security patches, which address one critical and eight high-severity vulnerabilities.
The critical vulnerability CVE-2019-11751 enables malicious code execution through command line parameters for Firefox browsers on Windows OS. Mozilla stated that "logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder."
Other high-severity flaws that were fixed include a use-after-free vulnerability, a same-origin policy violation that could allow data theft, and a flaw allowing file manipulation and privilege escalation in Mozilla Maintenance Service.
- CVE-2019-11751 (Critical): Malicious code execution through command line parameters
- CVE-2019-11746 (High): Use-after-free while manipulating video
- CVE-2019-11744 (High): XSS by breaking out of title and Textarea elements using innerHTML
- CVE-2019-11742 (High): Same-origin policy violation with SVG filters and canvas to steal cross-origin images
- CVE-2019-11736 (High): File manipulation and privilege escalation in Mozilla Maintenance Service
- CVE-2019-11753 (High): Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
- CVE-2019-11752 (High): Use-after-free while extracting a key value in IndexedDB
- CVE-2019-9812 (High): Sandbox escape through Firefox Sync
- CVE-2019-11741 (High): Isolate addons.mozilla.org and accounts.firefox.com
Get A Report of all Vulnerable Firefox Installations
If you currently have Mozilla Firefox deployed on your workstations, it's pretty critical that you update it at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities. Our custom color-coded Vulnerability Audit Report can tell you in no time which devices have an outdated Firefox version in place and need to be patched.
If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Firefox versions in no time.