Mozilla has officially released Firefox 71 for Windows, Mac, and Linux and it comes with support for the picture-in-picture API and improvements to the Enhanced Tracking Protection feature and the Lockwise password manager. The latest Firefox release also comes with multiple fixes for high-severity security vulnerabilities.
Mozilla's Security Advisory for Firefox states that this release fixes 11 Firefox security vulnerabilities with 6 being classified as 'High' and 5 classified as 'Moderate'. For Firefox ESR, Mozilla released version 68.3 which addresses 8 security vulnerabilities, 4 of which are rated as critical. So we recommend that you update your Mozilla Firefox installations as soon as possible.
A few of these vulnerabilities could be exploited using specially crafted web pages, so it is important that the update is applied across your organization as soon as possible.
High-Severity Security Vulnerabilities Fixed in Firefox 71
- CVE-2019-11756 - Use-after-free of SFTKSession object
- CVE-2019-17008 - Use-after-free in worker destruction
- CVE-2019-13722 - Stack corruption due to incorrect number of arguments in WebRTC code
- CVE-2019-11745 - Out of bounds write in NSS when encrypting with a block cipher
- CVE-2019-17012 - Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
- CVE-2019-17013 - Memory safety bugs fixed in Firefox 71
Get A Report of all Vulnerable Firefox Installations & Update To Firefox 71
If you currently have Mozilla Firefox or Firefox ESR deployed on your workstations, it's pretty critical that you update it at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities. Our custom color-coded Firefox 71 Vulnerability Audit Report can tell you in no time which devices have an outdated Firefox version in place and need to be patched.
If you haven't already, start your 14-day Lansweeper trial and get a list of all vulnerable Firefox versions in no time.