Mozilla releases Firefox 71

The Mozilla Foundation has released Firefox 71 that addresses multiple vulnerabilities. Attackers could exploit some of the vulnerabilities to take control of impacted systems.

In the latest security advisory 2019-36, Mozilla addressed six high severity and five moderate rated vulnerabilities.

The high risk bugs addressed include:

  1. CVE-2019-11756: Use-after-free of SFTKSession object.
  2. CVE-2019-17008: Use-after-free in worker destruction.
  3. CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code.
  4. CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher.
  5. CVE-2019-17012: Memory safety bug.
  6. CVE-2019-17013: Memory safety bug.

Mozilla noted that the memory corruption bugs could be exploited to run arbitrary code.