Wednesday, November 30, 2016

Mozilla Firefox Version 50.0.2 Released to Address Critical Zero-Day Vulnerability


FirefoxMozilla sent Firefox Version 50.0.2 to the release channel today to address a critical zero-day vulnerability in the wild.  Firefox ESR was updated to version 45.5.1.

The next scheduled release is December 13, 2016 (5 week cycle with release for critical fixes as needed).

Critical
Additional information about the vulnerability is available in Vulnerability Note VU#791496, "Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability".

Note:  As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable.  After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit.

Update via Twitter message from PaleMoon:
"Despite this, we'll still be releasing a DiD patched update on Dec 2nd that fixes the crash at the root of this."

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    No comments: