A potential buffer overflow vulnerability in flex-generated code can be exploited remotely to cause denial of service.Multiple out-of-bounds read vulnerabilities in the Libevent library can be exploited remotely to cause denial of service. ![]() An out-of-bounds write vulnerability in ClearKeyDecryptor can be exploited remotely to cause denial of service.An out-of-bounds read vulnerability in ConvolvePixel can be exploited remotely to cause denial of service.An out-of-bounds read vulnerability related to glyph processing can be exploited remotely to cause denial of service.An out-of-bounds read vulnerability related to HTTP/2 DATA frames are sent with incorrect data content can be exploited remotely to cause a denial of service.A buffer overflow vulnerability in application/http-index-format content can be exploited remotely to allow out-of-bounds reading of data from memory.An out-of-bounds write vulnerability in BinHex decoding can be exploited remotely to cause denial of service.A memory corruption vulnerability related to DOM manipulations of the accessibility tree can be exploited remotely to cause denial of service.A use-after-free vulnerability related to style changes when manipulating DOM elements can be exploited remotely to cause denial of service.A use-after-free vulnerability related to holding a selection during scroll events can be exploited remotely to cause denial of service.A use-after-free vulnerability in t圎xecutionState destructor related to XSLT processing can be exploited remotely to cause denial of service.A use-after-free vulnerability in nsAutoPtr and nsTArrayLength() during XSLT processing can be exploited remotely to cause denial of service.A use-after-free vulnerability in frame selection can be exploited remotely to cause denial of service.A use-after-free vulnerability in text input selection can be exploited remotely to cause denial of service.A use-after-free vulnerability in focus handling can be exploited remotely to cause denial of service.A buffer overflow vulnerability in WebGL can be exploited remotely to cause denial of service.An out-of-bounds write vulnerability in BASE64 encoding in NSS can be exploited remotely to cause a denial of service.An out-of-bounds write vulnerability in the Graphite 2 library can be exploited remotely to cause a denial of service.A use-after-free vulnerability which occurs during transaction processing in the editor can be exploited remotely to cause a denial of service.A use-after-free vulnerability in SMIL can be exploited remotely to cause denial of service.Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions, gain privileges and read/write local files.īelow is a complete list of vulnerabilities: Just a workaround).Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. (If the download option is not available, the download it with your Internet Explorer. Rezip the xpi file, if necessary, then install in Pale Moon. Within this xpi archive, then change the min-version, in install.rdf, from 41.0 to 24.0. To install Super Start 7.4.0.1, download the Super Start install file from AMO (super_start-7.4.0-fx-windows.xpi). ![]() Super Start version 7.4.0.1 appears perfectly compatible with Pale Moon. They support the latest version of Super Start. However, my choice at the moment: As an alternative you can consider to switch (temporarly) to Pale Moon. You won’t get new features (ESR is based on an older version of Firefox), but by the time ESR upgrades to Quantum, you should be able to go back to the regular channel with an expanded set of WebExtension APIs.Īll older Firefox versions can be found here: The ESR (Extended Support Release) here: ![]() Using ESR will allow you to receive security updates while still keeping your legacy add-ons for the first few releases of Firefox Quantum. I’d suggest looking into Firefox ESR if your add-ons are absolutely critical to your work. Firefox 56 is the last release to support legacy APIs for add-ons.
0 Comments
Leave a Reply. |