Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. The CWE definition for the vulnerability is CWE-416. The manipulation with an unknown input leads to a memory corruption vulnerability. This vulnerability affects some unknown processing of the component WebGPU IPC Framework. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability classified as critical was found in Mozilla Firefox, Firefox ESR and Thunderbird ( Web Browser) ( the affected version is unknown). The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. For example, users of version 52 will be updated only when version 60.2.0 has been published.Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. From one major version to another, such as the version 52 to version 60 migration, the updates will be implemented only after version X.2.0 is released. System administrators can disable automatic updates by managing ESR through their deployment system. You can read more about the ESR landing process here.Īn ESR release will be automatically upgraded to the subsequent ESR release. an update to the next version will be offered through the application update service.no further updates will be offered for that version.Backports of any functional enhancements and/or stability fixes are not in scope.Īt the end of the support period for an ESR version: Maintenance of each ESR through point releases is limited to high-risk/high-impact security vulnerabilities, and in rare cases may also include off-schedule releases that address live security vulnerabilities. During the first two cycles, please report any bugs such as web compatibility regressions and stability issues. We rely on Firefox ESR users to provide feedback for each new ESR release. The ESR version will also have a three cycle (at least 12 weeks) overlap between the time of a new release and the end-of-life of the previous release to permit testing and certification before you deploy the new version to your organization.
These point releases contain security upgrades. The ESR release is based on the regular release cycle of Firefox for desktop.ĮSR releases are maintained for more than a year, with point releases that coincide with regular Firefox releases. Firefox offers an Extended Support Release (ESR) for organizations, including schools, universities, businesses and others who need extended support for mass deployments.
0 kommentar(er)
