Mozilla just released Firefox 77 fixing few CVE security flaws, some of them are high severity vulnerabilities. Three(CVE-2020-12406, CVE-2020-12410, CVE-2020-12411) of eight fixed vulnerabilities allow arbitrary code execution found by internal Mozilla developers.
Another important vulnerability (CVE-2020-12399) is describes as a timing attack in the NSS library.
The last high-risk flaw (CVE-2020-12405), reported by Marsin Noga (Cisco Talos), is a use-after-free () bug in the SharedWorkService component which can cause an “exploitable crash”.All others are medium or low-risks vulnerabilities.An update will be automatically downloaded and installed; users don’t need to do any additional steps.
No comments:
Post a Comment