Security News > 2020 > February > Firefox six-weekly security fixes are out – get them now!

Firefox six-weekly security fixes are out – get them now!
2020-02-13 14:16

Rather than patching once a calendar month, Mozilla goes for every sixth Tuesday - or every 42 days, which we call Fortytwosday in a hat-tip to HHGttG. This update takes the regular build of Firefox to 73.0, while the long-term release, which includes security fixes but not feature updates, goes to 68.5.0esr.

The good news is that none of the security holes fixed in this update seem to be what are known as zero-day vulnerabilities, which is the industry term for bugs that the crooks figure out first.

Six official bug numbers have been assigned to this round of fixes, numbered sequentially from CVE-2020-6796 to CVE-2020-6801.

The bugs denoted CVE-2020-6800 and -6801 are those that the Mozilla team themselves found as a side-effect of their ongoing, always-running tests that try to identify possible security holes known as memory safety bugs.

Get the fixes now, or if your Firefox is configured to update automatically, go and check that you have the update.


News URL

https://nakedsecurity.sophos.com/2020/02/13/firefox-six-weekly-security-fixes-are-out-get-them-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2020-6796 Out-of-bounds Write vulnerability in Mozilla Firefox
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write.
network
low complexity
mozilla CWE-787
8.8
2020-03-02 CVE-2020-6800 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4.
network
low complexity
mozilla canonical CWE-787
8.8
2020-03-02 CVE-2020-6801 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 72.
network
low complexity
mozilla canonical CWE-787
8.8