by Martin Brinkmann on October 03, 2018 in Firefox – No comments
Mozilla released Firefox 62.0.3 to the Stable channel of the web browser on October 2, 2018. The new version of the Firefox web browser is a security update first and foremost; it does include playback and freeze fixes for Mac OS X Mojave next to that.
The update is already in distribution which means that most Firefox installations should pick it up automatically.
Firefox’s automatic update system checks for updates frequently and if it finds a new update, installs it automatically. Firefox users who have blocked automatic updates need to run a manual check for updates or download the Firefox installer manually to install it on their devices.
Select Menu > Help > About Firefox to run a manual check for updates in the browser. The popup that opens displays the installed version as well.
We suggest you use the offline installer for that but the stub installer may work as well. The main differences between the two are that the offline installer includes everything that is required to install or update Firefox, and that it will always install a specific version of the browser.
Firefox 62.0.3
Firefox 62.0.3 is a security update for Firefox that fixes two critical security vulnerabilities in Firefox that affect Stable and ESR versions of the browser.
CVE-2018-12386 and CVE-2018-12387 are two critical security issues that affect the sandboxed content process and may be exploited to execute code remotely.
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.
The vulnerability affects Firefox 62.0.2 and earlier versions of the browser and Firefox 60.2.1 ESR and earlier.
Firefox 62.0.3 fixes two Mac OS X related issues next to that.
Users who upgraded their Mac devices to the new operating system version Mojave may have experienced hangs and freezes in Firefox when certain dialogs such as download, upload, or print are activated in the browser UI.
The second issue fixes playback of certain encrypted video streams on Mac OS X.
Mozilla released Firefox 62.0.2 for all supported operating systems as well which addressed a large number of issues and a security issue.