Jump to content


anyweb

Mozilla Firefox & Mozilla Thunderbird - Patch these critical vulnerabilities immediately

By anyweb, in Official Forum Supporters

Recommended Posts

anyweb Proficient

anyweb

Posted
Posted

Mozilla addressed two zero-day vulnerabilities in Mozilla Firefox that were being used in targeted attacks in the wild. CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox that can result in an exploitable crash. CVE-2019-11708 is a sandbox escape vulnerability. Combining both CVE-2019-11708 and CVE-2019-11707, attackers can perform arbitrary code execution. Thunderbird is also affected but generally cannot be exploited since scripting is disabled when reading mail. It is recommended that these two vulnerabilities are patched as soon as possible.

Following this, patches were also released to address vulnerabilities in Adobe, Apple, Google, and Mozilla.

 

Here, we have the complete list of updates released:

 

  • 24910 Update iCloud (7.12.0.14) fixes multiple vulnerabilities.                            

  • 24911 Update Apple iTunes (12.9.5.7) fixes multiple vulnerabilities.                    

  • 24912 Update Apple iTunes (X64) (12.9.5.7) fixes multiple vulnerabilities.         

  • 24976 CVE-2019-7845 is fixed in the Adobe Flash Player Plugin (32.0.0.207)      

  • 24977 CVE-2019-7845 is fixed in the Adobe Flash Player ActiveX (32.0.0.207)   

  • 24978 CVE-2019-7845 is fixed in the Adobe Flash Player PPAPI (32.0.0.207)      

  • 24997 iCloud 10.4 fixes multiple vulnerabilities in Windows 10 version 18362.145 or higher 

  • 24998 CVE-2019-5842 is fixed in Google Chrome (75.0.3770.90)                            

  • 24999 CVE-2019-5842 is fixed in Google Chrome (x64) (75.0.3770.90)                  

  • 25006 CVE-2019-11708 fixed in Mozilla Firefox (67.0.4)                                     

  • 25007 CVE-2019-11708 fixed in Mozilla Thunderbird (60.7.2)                                 

  • 25008 CVE-2019-11708 fixed in Mozilla Firefox ESR (60.7.2)                                 

  • 25009 CVE-2019-11708 fixed in Mozilla Firefox (x64) (67.0.4)                               

  • 25010 CVE-2019-11708 fixed in Mozilla Firefox ESR (x64) (60.7.2)            

 

Kindly patch these vulnerabilities ASAP to keep your network secure from exploits.

 

For patching third-party applications, you can use Patch Connect Plus which integrates with SCCM. You can also learn more and free trial the catalogs from here

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.