Mozilla sent Firefox Version 50.1.0 to the release channel today. The update includes four (4) Critical, six (6) High and three (3) Moderate updates. No additional changes are indicated in the release notes. Firefox ESR was updated to version 45.6.0.The next scheduled release is January 23, 2017 (5 week cycle with release for critical fixes as needed).
Security Fixes:
Critical
- CVE-2016-9894: Buffer overflow in SkiaGL
- CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
- CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
- CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
- CVE-2016-9895: CSP bypass using marquee tag
- CVE-2016-9896: Use-after-free with WebVR
- CVE-2016-9897: Memory corruption in libGLES
- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
- CVE-2016-9904: Cross-origin information leak in shared atoms
Moderate
- CVE-2016-9901: Data from Pocket server improperly sanitized before execution
- CVE-2016-9902: Pocket extension does not validate the origin of events
- CVE-2016-9903: XSS injection vulnerability in add-ons SDK
Update
To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.References
- Common questions after updating Firefox
- Security Updates
- Mozilla Firefox Release Notes
- Bug Fixes
- Rapid Release Calendar
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment