Firefox Version 50.0.2 Released to Address Critical Zero-Day Vulnerability

Corrine · November 30, 2016, 11:05:22 PM

Mozilla sent Firefox Version 50.0.2 to the release channel today to address a critical zero-day vulnerability in the wild. Firefox ESR was updated to version 45.5.1. The update includes only the one critical update, Firefox SVG Animation Remote Code Execution.

Additional information about the vulnerability here: Vulnerability Note VU#791496 - Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability.

Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit.

plodr · December 01, 2016, 03:34:34 PM

Thanks. I updated all four ESR versions earlier today with no problems.

Corrine · December 02, 2016, 12:23:21 AM

Quote from: Corrine on November 30, 2016, 11:05:22 PM
Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit.

Twitter message from PaleMoon:

QuoteDespite this, we'll still be releasing a DiD patched update on Dec 2nd that fixes the crash at the root of this.

plodr · December 02, 2016, 02:30:19 PM

Thanks. I grabbed the new version on my portable Palemoon this morn.

Firefox Version 50.0.2 Released to Address Critical Zero-Day Vulnerability

Corrine

plodr

Corrine

plodr