Mozilla has issued a security update for Firefox browser – and also the Tor anonymity project has issued a security update for it's Firefox browser. This update closes a zero-day-vulnerability under Windows.
Advertising
Yesterday I reported a zero-day-vulnerability in Tor and Firefox browser – see Firefox Zero-day exploit puts Tor users at risk. This night Mozilla's developer has released a security update for Firefox and Thunderbird. The announcement has been made at this Mozilla page.
Mozilla Foundation Security Advisory 2016-92
Firefox SVG Animation Remote Code Execution
- ANNOUNCED
- November 30, 2016
- PRODUCTS
- Firefox, Firefox ESR, Thunderbird
- FIXED IN
- Firefox 50.0.2
- Firefox ESR 45.5.1
- Thunderbird 45.5.1
#CVE-2016-9079: Use-after-free in SVG Animation
Description
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.
So we have updates for Firefox to 50.0.2 and the ESR version to 45.5.1. Also Thunderbird has been updated to 45,5.1.
A Tor update is available
I just checked the Tor browser under Windows. Selecting the Tor icon in symbol bar and click the "Search for update" command reports a pending update. After installing and restarting Tor, the following version information should be shown. Tor Browser 6.0.7, Firefox 45.5.1esr, NoScript 2.9.5.2.
