The Mozilla Foundation has released Firefox 71 that addresses multiple vulnerabilities. Attackers could exploit some of the vulnerabilities to take control of impacted systems.
In the latest security advisory 2019-36, Mozilla addressed six high severity and five moderate rated vulnerabilities.
The high risk bugs addressed include:
- CVE-2019-11756: Use-after-free of SFTKSession object.
- CVE-2019-17008: Use-after-free in worker destruction.
- CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code.
- CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher.
- CVE-2019-17012: Memory safety bug.
- CVE-2019-17013: Memory safety bug.
Mozilla noted that the memory corruption bugs could be exploited to run arbitrary code.