New version of the browser now available for download

Oct 4, 2018 08:29 GMT  ·  By  ·  Comment  · 
Share:             

Mozilla has recently released a new version of Firefox browser that comes to address vulnerabilities in the application, while also bringing other improvements to Windows and macOS systems.

Firefox 62.0.3 isn’t a major release, but given that it resolves security flaws in the browser, it should be installed by all users as soon as possible.

According to Mozilla, there are two JavaScript vulnerabilities in the browser (described in CVE-2018-12386 and CVE-2018-12387), and they have already been confirmed in Firefox 62.0.3 and Firefox ESR 60.2.2.

CVE-2018-12386 is a type confusion in JavaScript and it was disclosed via Beyond Security’s SecuriTeam Secure Disclosure program.

“A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered,” Mozilla explains.

Now available for all supported desktop platforms

CVE-2018-12387 was reported through the same program by researchers Bruno Keith and Niklas Baumstark, who also participated in the disclosure of the first issue.

“A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process,” the company adds.

Firefox 62.0.3 is now available for download for all supported desktop platforms, and it also brings other refinements and improvements to the overall experience with the browser. On macOS Mojave, for instance, the new version of Firefox addresses performance issues, like hangs and freezes, happening at random times when opening certain menus.

You can download Mozilla Firefox for Windows, Linux, and Mac from Softpedia using these links. Additionally, the browser comes with a built-in update engine, so if you haven’t already received the new version, you can also rely on this method to get it.

  Click to load comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy

Related Stories

Fresh Reviews

Latest News