KLA11612
Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Race condition vulnerability in Resist Fingerprinting can be exploited remotely via specially designed website to cause denial of service;
2. Stack corruption due to incorrect number of arguments in WebRTC code can be exploited remotely via specially designed website to cause denial of service;
3. Incorrect temporary files access configuration of Mozilla updater service can be exploited locally to bypass security restrictions;
4. Use-after-free vulnerability in DocShell can be exploited remotely via specially designed website to cause denial of service;
5. Buffer overflow vulnerability in plain Firefox text serializer can be exploited remotely via specially designed website to cause denial of service;
6. Use-after-free vulnerability in worker destruction can be exploited remotely via specially designed website to cause denial of service;
7. Out of bounds write vulnerability in NSS can be exploited remotely via specially designed website to cause denial of service;

Mozilla Firefox ESR earlier than 68.3

Update to the latest version
Download Mozilla Firefox ESR