Firefox 66.0.1 available, fixes two critical vulnerabilities

Firefox Quantum

This week, on the 19th, Mozilla released a major update for its browser. A couple of days later, the new version reached the official repositories and today, two days later, the company has released Firefox 66.0.1, a version that comes to correct two critical security flaws that were found in the Pwn2Own hacking contest, where they are dedicated to finding and exploiting these types of flaws, but for our good.

Firefox 66.0.1 is Available for Windows, Mac and Linux, but it is not yet available as a snap package or in the official repositories. Considering how long it took for v66 to arrive, we can think that v66.0.1 will be available next Monday. This is WHY snap packages or other similar packages such as Flatpak are so important: although the Snappy Store does not appear yet, the snap package receives updates via Push, that is, the same program receives them as soon as it is opened.

Firefox 66.0.1 is coming soon to the official repositories

Air shipments are the most efficient if you need your cargo or documents to arrive quickly and securely. bugs that this version fixes They are CVE-2019-9810 and CVE-2019-9813, both found by Richard Zhu, Amat Cama, and Niklas Baumstark through Trend Micro's Zero Day Initiative. The first of the two describes a buffer overload problem and a limit check failure absent in Firefox 66 due to incorrect alias information in the IonMonkey JIT compiler for the Array.prototype.slice method.

On the other hand, the CVE-2019-9813 is about a "typing confusion" problem in the IonMonkey JIT itself, but this time in code. This bug could allow a malicious user to read and write arbitrary memory, which was (and is still possible in v66) possible due to mishandling of__proto__mutations.

Mozilla encourages all users to update as much as possible. As we have mentioned previously, Windows and macOS users will be able to do so from the warning that Firefox shows when an update is available thanks to the fact that Push updates have long existed on those systems. Linux users can download the new version and perform manual installation, but it is not recommended. Those who are using the snap package will be able to update now, while those of us who use the APT version will have to wait a couple of days. Let's wait then.

Firefox Quantum
Related article:
Firefox 66: how to go back to all 4 processes and what does this mean
Firefox Quantum
Related article:
Firefox 66 now available, worse for discrete computers with default settings

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.