Firefox-Notfall-Update stopt angegriffenes Sicherheitsleck | heise online

In the Firefox web browser it is a problem that becomes active in the freer Wildbahn. Current browser versions stop the Sicherheitsleck.

Anzeige

The Mozilla-Entwickler warns of a problem, it is a schwachstelle in the Zeitleisten von Animationen trade. During a Use-after-free-Lücke haben Angreifer in der Inhaltsverarbeitung (content process) Code einschleusen und ausführen können (CVE-2024-9680, noch kein CVSS-Wert, Einstufung durch Mozilla-Programmierer als “critical“). If the program type comes from the sources, the data can be recorded indefinitely. It is less important for the codeschmuggel error.

Firefox: Current Fassungen

Those who frighten and those who do less well can work with their own web browser, but the Entwickler does not work. Affected by Mozilla-Stiftung Firefox and Firefox ESR. Firefox versions 131.0.2 are the ESR versions 128.3.1 and 115.16.1 available, to conclude the results. Thunderbird is not affected by the use of Mozilla in the mail program.

In Firefox’s version dialog, find the running software and install it. If you click on the settings, give a hint of the symbol with the three horizontal lines to the right of the address data and proceed to “Hilfe” under “Über Firefox”.

Because the Schwachstelle is getting angry and critical, Firefox nuts and nuts administrators are busy running the new software version that has been installed.

Mozilla automatically activated the only protection-free function of the “Privacy-Preserving Attribution” (PPA) with the update on Firefox 128, without any problems. Noyb has today been protected in the eastern regions data protection system has been completed.

(dmk)