Download this now: Numerous Firefox vulnerabilities fixed in update

Recently, Mozilla released Firefox version 54. According to the security advisory released by the company, a large number of critical and high-risk vulnerabilities were patched in this most recent update. For those who have not downloaded the most recent version, let this post be used as a push to get you to install it as quickly as possible.

One critical vulnerability that received patching was a vulnerability catalogued as CVE-2017-5472, which allowed for "use-after-free using destroyed node when regenerating trees." The issue here is that a hacker could exploit the reallocated freed memory to start a buffer overflow attack, although OWASP states "we are unaware of any exploits based on this type of attack." The possibility for such an attack, however, is enough to consider the vulnerability critical as hackers can execute their own code and steal sensitive data.

Two other critical vulnerabilities that were patched in this update had similar issues. CVE-2017-5470 and CVE-2017-5471 both, according to the security report, "showed evidence of memory corruption," and researchers surmised that "with enough effort that some of these could be exploited to run arbitrary code." The likely result, if you are dealing with a true professional black hat, is that arbitrary code could allow for anything under the sun to be executed on your machine.

Other patched vulnerabilities of interest in Firefox 54 include CVE-2017-7755. This is particularly notable as it only affects Windows users, who make up a large sum of the population that use computers. The vulnerability allows privilege escalation via an exploit in the Firefox installer by utilizing "malicious DLL files stored in the same directory as the installer when it is run."

As stated at the beginning of this article, if you are a Firefox user who hasn't downloaded the most recent version, you are playing a foolish game. I realize it is tedious to update your browser, but the relatively short time it takes to update may save you a whole lot of headaches later.

Photo credit: Mozilla Foundation

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

How to repair PST files and import data back to Outlook or Office 365

If your business relies on Outlook, you can’t risk losing mailbox data because of PST files corruption. Here’s how to…

2 days ago

Container security rises to meet the challenges of container vulnerabilities

As container technology becomes ubiquitous, container security has become crucial. Here’s a look at some recent innovations in this growing…

2 days ago

Best of CES 2020: Products, innovations, and services

From flying Ubers to rolling robots, CES 2020 had it all — and then some. Here’s a look at some…

3 days ago

Hardening your technology infrastructure in preparation for a DDoS attack

By establishing these 11 appropriate controls beforehand, your organization will be better positioned to withstand and survive a DDoS attack.

3 days ago

Microsoft App-V as an application virtualization solution: Pros & cons

If your shop is considering using App-V as an application virtualization solution, read this article first and weigh the pros…

3 days ago

Ransomware threats: Cybercriminals take their wares to the next level

As companies and individuals harden their defenses against ransomware, hackers are creating new and more virulent ransomware threats.

4 days ago