Firefox – Security Updates

Firefox Quantum versions 57, 57.0.1 and versions ESR (for Windows XP) up to and including version 52.5.1 have a vulnerability that could cause an attacker to crash the browser under certain conditions and for an unspecified follow-up attack could use. This is from safety notes from the Quantum and ESR Mozilla development team. The classified as critical by Mozilla vulnerability with the identifier CVE-2017-7845, however, should be exploitable only on Windows systems.

In addition, there is a second vulnerability in Firefox ESR with a “high” rating (CVE-2017-7843). It allows experienced remote attackers to uniquely identify a user (fingerprinting) in private browser mode and was fixed in Firefox Quantum as part of a previous update a few days ago.

The update to the secured versions 57.0.2 or ESR 52.5.2 will take place automatically as usual, provided that the function has not been deactivated by the user.