Multiple critical memory-safety bugs in Firefox 69 and Firefox ESR 68.1 particularly affect medium and large government entities and enterprises.
Critical vulnerabilities have been discovered in the Mozilla Firefox web browser and Firefox Extended Support Release (ESR), and a high-severity bug has been reported for Google Chrome, all of which could allow for arbitrary code execution.
The bugs were announced as part of larger updates (to the Chrome 78 stable channel release, Firefox 70 and Firefox ESR 68.2) that also included several fixes for high-severity and moderate-severity flaws.
“Depending on the privileges associated with the user, an attacker could then install programs; view, change or delete data; or create new accounts with full user rights,” MS-ISAC said in an emailed advisory. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”