
Firefox emergency update closes actively attacked security hole | heise online


A vulnerability in the Firefox web browser is being actively exploited in the wild. Current browser versions close the security hole.


The Mozilla developers are warning about the problem, which is a vulnerability in animation timelines. Through a use-after-free flaw, attackers were able to inject and execute code in the content process (CVE-2024-9680, no CVSS score yet, rated "critical" by the Mozilla developers). In this type of vulnerability, program code accesses resources that have already been freed, so their contents are undefined. Such errors can often be abused to inject code.

The developers do not describe what the attacks look like or how users can tell whether their own web browser has been attacked. According to the Mozilla Foundation, Firefox and Firefox ESR are affected. Firefox version 131.0.2 and the ESR versions 128.3.1 and 115.16.1 are available to close the hole. Thunderbird, the Mozilla mail program, is not affected.

Firefox's version dialog shows the version of the running software and installs available updates. To open it, click the settings menu, the icon with the three horizontal lines to the right of the address bar, then go to "Help" and on to "About Firefox".

Firefox's version dialog


If the Firefox version dialog finds and installs an update, the browser still has to be restarted for the fixes to take effect.

(Image: Screenshot / dmk)

Because the vulnerability is under attack and rated critical, Firefox users and administrators should promptly make sure that the new software version is installed.
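For administrators checking many machines, the following added example (not from the article or from Mozilla) classifies version strings against the fixed versions named above. It compares each ESR build with the fix for its own branch, because a plain numeric comparison against 131.0.2 would wrongly flag a patched 128.3.1esr. The input format, the host names and the sample inventory are assumptions.

```python
import re

# Fixed versions named in the article for CVE-2024-9680.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

# Assumed input format: the line printed by `firefox --version`,
# e.g. "Mozilla Firefox 131.0.2" or "Mozilla Firefox 128.3.1esr".
_VERSION_RE = re.compile(r"(?:Mozilla Firefox )?(\d+)\.(\d+)(?:\.(\d+))?(esr)?")


def classify(version_line):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    match = _VERSION_RE.fullmatch(version_line.strip())
    if match is None:
        # Beta, nightly or vendor-patched strings need manual review.
        return "unknown"
    major, minor, patch, esr = match.groups()
    version = (int(major), int(minor), int(patch or 0))
    if not esr:
        return "patched" if version >= FIXED_RELEASE else "vulnerable"
    if version[0] in FIXED_ESR:
        return "patched" if version >= FIXED_ESR[version[0]] else "vulnerable"
    # Assumption: ESR branches newer than those in the article were cut
    # after the fix; older branches never received it.
    return "patched" if version[0] > max(FIXED_ESR) else "vulnerable"


def audit(inventory):
    """Map host -> status and return hosts that still need attention."""
    results = {host: classify(line) for host, line in inventory.items()}
    return {host: s for host, s in results.items() if s != "patched"}


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 131.0",
    "ws-03": "Mozilla Firefox 128.3.1esr",
    "ws-04": "Mozilla Firefox 115.16.0esr",
    "ws-05": "Mozilla Firefox 128.2.0esr",
    "ws-06": "Mozilla Firefox 132.0b5",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

A host reported as "unknown" runs a build the article does not cover, so check it by hand. An installed update only takes effect after the browser has been restarted.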

With the update to Firefox 128, Mozilla automatically activated the "Privacy-Preserving Attribution" (PPA) function without asking. Noyb has filed a complaint about it with the Austrian data protection authority.
