It ships with NSS 3.36.4 and a couple of bug, security fixes

Jun 6, 2018 23:45 GMT  ·  By

Mozilla released on Wednesday Firefox 60.0.2, the second point release of the Firefox 60 "Quantum" web browser series with an updated NSS component and various improvements.

Coming about three weeks after Firefox 60.0.1, this point release isn't as imperious as it, but it updates the NSS (Network Security Services) component, a set of libraries for supporting cross-platform development of security-enabled server and client apps, to version 3.36.4 from 3.36.1 used in the previous release.

NSS 3.36.4 comes with a fix for a crash related to authentication tokens like WebAuthn or PK11 on Apple's macOS platform, and a fix for an SSL_RX_MALFORMED_SERVER_HELLO error that might occur on some systems when attempting to connect to a server that was recently upgraded to Transport Layer Security (TLS) version 1.3.

However, the biggest change included in Firefox 60.0.2 is a fix for a critical security vulnerability reported by Ivan Fratric of Google Project Zero. It's a heap buffer overflow affecting the Skia library, which could lead to a potentially exploitable crash. The issue occurred when rasterizing paths with a maliciously crafted SVG file and with anti-aliasing disabled.

Critical vulnerability fixed, improved font rendering on macOS

Apart from upgrading the NSS (Network Security Services) component, and fixing that critical security vulnerability, the Firefox 60.0.2 point release also improves font rendering on Mac OS X 10.11 and earlier systems when using third-party font managers and adds the missing nodes in the Inspector panel found in the developer tools.

Mozilla also fixed this critical security vulnerability in the Firefox ESR 52.8.1 release. If you're using Firefox 60 "Quantum," you should update to the 60.0.2 point release as soon as possible after reading this. You can install Firefox 60.0.2 via OTA updates or download it for GNU/Linux, Windows, macOS from Softpedia, as well as for Android from Google Play store.