2017
08.12
Firefox – Security Updates

Firefox Quantum versions 57, 57.0.1 and versions ESR (for Windows XP) up to and including version 52.5.1 have a vulnerability that could cause an attacker to crash the browser under certain conditions and for an unspecified follow-up attack could use. This is from safety notes from the Quantum and ESR Mozilla development team. The classified as critical by Mozilla vulnerability with the identifier CVE-2017-7845, however, should be exploitable only on Windows systems.

In addition, there is a second vulnerability in Firefox ESR with a “high” rating (CVE-2017-7843). It allows experienced remote attackers to uniquely identify a user (fingerprinting) in private browser mode and was fixed in Firefox Quantum as part of a previous update a few days ago.

The update to the secured versions 57.0.2 or ESR 52.5.2 will take place automatically as usual, provided that the function has not been deactivated by the user.

back