Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Nov 30, 2016 #1 Mozilla sent Firefox Version 50.0.2 to the release channel today to address a critical zero-day vulnerability in the wild. Firefox ESR was updated to version 45.5.1. The update includes only the one critical update, Firefox SVG Animation Remote Code Execution. Additional information about the vulnerability here: Vulnerability Note VU#791496 - Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability. Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit.
Mozilla sent Firefox Version 50.0.2 to the release channel today to address a critical zero-day vulnerability in the wild. Firefox ESR was updated to version 45.5.1. The update includes only the one critical update, Firefox SVG Animation Remote Code Execution. Additional information about the vulnerability here: Vulnerability Note VU#791496 - Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability. Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Dec 1, 2016 #2 Corrine said: Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit. Click to expand... Twitter message from PaleMoon: Despite this, we'll still be releasing a DiD patched update on Dec 2nd that fixes the crash at the root of this. Click to expand...
Corrine said: Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit. Click to expand... Twitter message from PaleMoon: Despite this, we'll still be releasing a DiD patched update on Dec 2nd that fixes the crash at the root of this. Click to expand...