Of the other six bugs on the patch list, we think two are intriguing and important, because both of them give attackers a chance to trick you into clicking something that isn’t what it seems: (See below for the latest version numbers of all currently-supported versions.) In fact, Mozilla retains two ESR versions, so that you can try the previous and the current ESR versions at the same time before making the switch, thus never needing to use the cutting-edge version our your production network at all. This is another reason that some sysadmins like ESR-style software, given that the code in those versions has been geneally exposed to real-life scrutiny for longer, without lagging behind on security patches.
There are almost always at least a few bugs fixed in the mainstream Firefox version that don’t appear in the ESR, and thus can’t be fixed there, because the bugs are new, introduced in the new code added to support the new features. There’s the latest-and-greatest version, currently 103, which has all the latest features and relevant security fixes.Īnd there’s the Extended Support Release (ESR) flavour, which synchs up with the features in the latest version every few months, but in between gets security updates only, thus bringing in new features only after they’ve been available to try out in the mainstream version for some time.Īs you can imagine, sysadmins and IT teams who support Firefox at work often like ESRs because it means they don’t have to foist new features on their own users (or take the inevitable support calls about new menu options, different icons and modified behaviour) without good warning. The reason that these bugs are split into two groups is that Mozilla officially supports two flavours of its browser. CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1.CVE-2022-36320: Memory safety bugs fixed in Firefox 103.…and the good news is that the worst bugs listed, which get a risk category of High, are those found by Mozilla itself using automated bug-hunting tools, and lumped togther under two catchall CVE numbers: It’s time for this month’s scheduled Firefox update (technically, with 28 days between updates, you sometimes get two updates in one calendar month, but July 2022 isn’t one of those months)…
0 kommentar(er)
