Firefox 70 Update Fixes Critical and High-severity Vulnerabilities

Firefox

Mozilla has officially released Firefox 70 for Windows, Mac, and Linux and introduces additional protection for user's privacy and passwords. The Firefox 70 blocks the cross-site tracking cookies from social media. The browser can also give an overview of all the trackers that are block by the Enhanced Tracking Protection.

These privacy updates include the new social tracking protection feature, a new Privacy protections report, and an integrated data breach notification service for your saved logins.

The Firefox 70 update also comes with a batch of 14 security vulnerability fixes. These include a resolution for memory safety bugs (CVE-2019-11764), rated as critical as well as a number of high-severity and moderate vulnerabilities. There are currently no reports of these vulnerabilities being exploited in the wild.

Critical & High-Severity Vulnerabilities

  • CVE-2019-11764 - Critical - Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
  • CVE-2018-6156 - High - Heap buffer overflow in FEC processing in WebRTC
  • CVE-2019-15903 - High - Heap overflow in expat library in XML_GetCurrentLineNumber
  • CVE-2019-11757 - High - Use-after-free when creating index updates in IndexedDB

Systems Affected

  • Firefox versions prior to 70
  • Firefox ESR versions prior to 68.2

Get A Report of all Vulnerable Firefox Installations

If you currently have Mozilla Firefox deployed on your workstations, it's pretty critical that you update it at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities. Our custom color-coded Firefox Vulnerability Audit Report can tell you in no time which devices have an outdated Firefox version in place and need to be patched.

Firefox 70 and ESR 68.2 Audit
Firefox 70 Audit Report - Click to Enlarge

If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Firefox versions in no time.

Receive the Latest Vulnerability Reports for FREE

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.