Security News > 2020 > February > Firefox six-weekly security fixes are out – get them now!
Rather than patching once a calendar month, Mozilla goes for every sixth Tuesday - or every 42 days, which we call Fortytwosday in a hat-tip to HHGttG. This update takes the regular build of Firefox to 73.0, while the long-term release, which includes security fixes but not feature updates, goes to 68.5.0esr.
The good news is that none of the security holes fixed in this update seem to be what are known as zero-day vulnerabilities, which is the industry term for bugs that the crooks figure out first.
Six official bug numbers have been assigned to this round of fixes, numbered sequentially from CVE-2020-6796 to CVE-2020-6801.
The bugs denoted CVE-2020-6800 and -6801 are those that the Mozilla team themselves found as a side-effect of their ongoing, always-running tests that try to identify possible security holes known as memory safety bugs.
Get the fixes now, or if your Firefox is configured to update automatically, go and check that you have the update.
News URL
https://nakedsecurity.sophos.com/2020/02/13/firefox-six-weekly-security-fixes-are-out-get-them-now/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-02 | CVE-2020-6796 | Out-of-bounds Write vulnerability in Mozilla Firefox A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. | 8.8 |
2020-03-02 | CVE-2020-6800 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. | 8.8 |
2020-03-02 | CVE-2020-6801 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 72. | 8.8 |