Firefox 50.0.2/45.5.1 ESR and Thunderbird 45.5.1 are out now

Dec 1, 2016 05:58 GMT  ·  By

If you've been reading the news lately, you might have stumbled upon an article that talked about a 0-day vulnerability in the Mozilla Firefox web browser, which could be used to attack Tor users running Tor Browser on Windows systems.

The vulnerability was, in fact, an use-after-free in Firefox's SVG Animation code, but it looks like security researchers recently discovered that an exploit could have been built on this security flaw to target Windows users using either Mozilla Firefox or TOR Browser web browsers on the anonymous Tor network.

"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows," reads Mozilla Foundation Security Advisory 2016-92, and the issue has been documented by Mozilla as CVE-2016-9079.

Users urged to update to Firefox 50.0.2, Thunderbird 45.5.1, or Tor Browser 6.0.7

Mozilla was quick to patch the security vulnerability in the latest versions of its Firefox, Firefox ESR (Extended Support Release), and Thunderbird products, and released Mozilla Firefox 50.0.2, Mozilla Firefox ESR 45.5.1, and Mozilla Thunderbird 45.5.1 for all supported platforms, including Linux, Mac, and Windows.

While only Windows users appeared to be targeted by the use-after-free in SVG Animation, it's good practice always to use the latest versions of the software applications you need. As such, you are urged to update as soon as possible to Firefox 50.0.2, Thunderbird 45.5.1, or Firefox ESR 45.5.1.

In the same manner, the Tor Project released Tor Browser 6.0.7 security update, which is based on Mozilla Firefox ESR 45.5.1. If you're using a GNU/Linux distribution, you should know that Firefox 50.0.2 and Thunderbird 45.5.1 have landed in the repositories of Ubuntu and Arch Linux operating systems.