Mozilla patches 4 critical vulnerabilities with the release of Firefox 46

Mozilla today released Firefox 46 which fixes 14 vulnerabilities of which 4 have been marked critical. Some of the critical vulnerabilities showed evidence of memory corruption which according to Mozilla would allow them to be exploited to run arbitrary code. Exploiting these vulnerabilities would require no more than visiting a malicious website.


Besides the 4 critical leaks, also 4 high impact vulnerabilities were patched and also 5 vulnerabilities that were marked as low impact.

One of the high impact vulnerabilities is in Firefox for Android and allowed an attacker to read out orientation data and motion sensors. This could be done with Javascript and allowed an attacker to infer touch actions on the device through these sensors when orientation events are triggered in the browser, compromising user privacy and including potentially revealing entered PIN code and other activities.

It’s recommend to upgrade to Firefox 46 as soon as possible which on most systems is done automatically.