Patch Now! Firefox Releases Patches for Critical Vulnerabilities

It’s been a bit quiet on the browser front until today. Both Chrome and Firefox released patches for some moderate to critical vulnerabilities, and Automox customers can deploy immediately from their console.

The big news comes with CVE-2019-11764, impacting Firefox 70 and ESR 68.2. Packaging multiple critical memory safety bugs, this vulnerability gives an attacker the ability to use the privileges of the local user and install programs, impact file systems, and even create accounts if allowed.

Firefox ESR received eight CVE fixes in this round of patches, with three rated high-severity:

  • CVE-2019-15903 - Heap overflow in expat library in XML_GetCurrentLineNumber
  • CVE-2019-11758 - A potentially exploitable crash due to 360 Total Security
  • CVE-2019-11757 - Use-after-free bug that occurs when creating index updates in IndexedDB

Mozilla Firefox received seven CVE fixes as well in this round, with three rated high-severity:

  • CVE-2019-11757 - Use-after-free bug that occurs when creating index updates in IndexedDB
  • CVE-2019-15903 - Heap overflow in expat library in XML_GetCurrentLineNumber
  • CVE-2018-6156 - Heap buffer overflow in FEC processing in WebRTC

Google Chrome received 37 security fixes in its round of patch updates, with three ranked high-severity; CVE-2019-12699 is a use-after-free bug in media. Similar to other bypasses, exploitation of this bug would allow attackers to bypass security restrictions, steal private information, and even cause a denial of service on the local machine. The other high-severity CVE fixes include:

Your Plan of Attack? Patch Now!

The most effective way to keep Firefox fully secure and up-to-date is to patch now and patch automatically. Applying patches for your operating systems and third-party apps as soon as they become available is the best way to prevent an exploit.

If you’ve already updated and have Automox policies in place, you should be secure. If not, we can help.

Automox recommends that you set up a single Patch All or Patch Critical policy to address Firefox and other apps. This will automatically apply any outstanding patches to your system on a regular schedule. You can also see which specific systems are impacted from the Software page (if enabled).

Log in to the console and click on the Software icon found in the left navigation pane. In the search box on the Software page, simply type the number of any Knowledge Base article or software title and hit enter. You can also sort the list by severity level. If devices are impacted, you will see a list of all impacted devices and versions, as well as information on severity and the associated CVE.


Automox can help ensure your systems are adequately patched in a timely manner in order to protect your organization against any vulnerability. As a best practice, you should always ensure that you have at least one patch policy assigned to all of your devices for Critical, Medium, and Low severity patches. These updates are generally Security and Cumulative software updates. Automox is designed to automate your response to zero-day vulnerabilities like this and others across the Windows, macOS, and Linux operating systems.

Current Automox customers can create policies that automatically handle the patching and execution of important updates for you every single month. Alternatively, you may contact our support team for technical assistance at
