There are security updates for the web browsers Firefox, Firefox ESR and Tor. The updates close some critical gaps. Mozilla addresses a critical vulnerability in Firefox and Firefox ESR exploited by a participant in the hacker contest Pwn2Own live. This is an out-of-bounds storage error that could allow an attacker to push and execute malicious code on systems. The flaw is found in how the web browsers handle Vorbis audio files via the Libvorbis API. The same error should also gape in Libtremor. This library is used in the Firefox app on Android and ARM platforms instead of Libvorbis. Attacks should be remotely possible without authentication. In Firefox 59.0.1, the gaps are closed.
In Firefox ESR gaffe still more vulnerabilities. If attackers use them, they can crash the web browser or even execute malicious code. Firefox ESR 52.7.2 is secured. The developers of the anonymizing Tor Browser have also made their software more secure by using Firefox ESR 52.7.2 in its current version 7.5.2. This is also the only innovation in the current Tor edition.