Mozilla has released Firefox 69, which by default blocks third-party cookies and crypto miners and disables default support for Adobe Flash Player. The Firefox 69 update also comes with a batch of security patches, which address one critical and eight high-severity vulnerabilities.

The critical vulnerability CVE-2019-11751 enables malicious code execution through command line parameters for Firefox browsers on Windows OS. Mozilla stated that "logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder."
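A defensive check for the outcome described above, as an added example that is not from Mozilla or the original article: it scans file-creation events for firefox.exe writing into a Windows Startup folder. The sample records are constructed and use the Sysmon Event ID 11 field names `Image` and `TargetFilename`; the host names and paths are assumptions for illustration.

```python
import ntpath

# Trailing directory chain shared by the per-user and all-users Startup folders.
STARTUP_CHAIN = ("microsoft", "windows", "start menu", "programs", "startup")

def _segments(path):
    """Normalise a Windows path (slashes, case, '..') and split it into segments."""
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    return [seg for seg in norm.split("\\") if seg]

def in_startup_folder(target):
    """True if the directory part of the path contains the Startup folder chain."""
    dirs = _segments(target)[:-1]  # drop the file name
    n = len(STARTUP_CHAIN)
    return any(tuple(dirs[i:i + n]) == STARTUP_CHAIN
               for i in range(len(dirs) - n + 1))

def suspicious_writes(events):
    """Return (host, file) pairs where firefox.exe created a file under Startup."""
    hits = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != "firefox.exe":
            continue  # only the browser process is of interest here
        if in_startup_folder(ev["TargetFilename"]):
            hits.append((ev["Computer"], ev["TargetFilename"]))
    return hits

FX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
ROAM = r"AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": FX,
     "TargetFilename": "C:\\Users\\alice\\" + ROAM + "\\session.log"},
    {"Computer": "WS-02", "Image": FX,
     "TargetFilename": r"C:\Users\bob\Downloads\report.pdf"},
    {"Computer": "WS-03", "Image": FX.upper(),  # mixed case and forward slashes
     "TargetFilename": "c:/programdata/Microsoft/Windows/Start Menu/Programs/StartUp/x.log"},
    {"Computer": "WS-04", "Image": FX,          # '..' segments in the path
     "TargetFilename": "C:\\Users\\carol\\Downloads\\..\\" + ROAM + "\\a.log"},
    {"Computer": "WS-05", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": "C:\\Users\\dave\\" + ROAM + "\\app.lnk"},
    {"Computer": "WS-06", "Image": FX,          # a folder merely named Startup
     "TargetFilename": r"C:\Users\erin\Documents\Startup\notes.txt"},
]

if __name__ == "__main__":
    for host, path in suspicious_writes(SAMPLE_EVENTS):
        print(f"{host}: firefox.exe wrote {path}")
```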

Other high-severity flaws that were fixed include a use-after-free vulnerability, a same-origin policy violation that could allow data theft, and a flaw allowing file manipulation and privilege escalation in Mozilla Maintenance Service.

CVE-2019-11751 (Critical): Malicious code execution through command line parameters

CVE-2019-11746 (High): Use-after-free while manipulating video

CVE-2019-11744 (High): XSS by breaking out of title and Textarea elements using innerHTML

CVE-2019-11742 (High): Same-origin policy violation with SVG filters and canvas to steal cross-origin images

CVE-2019-11736 (High): File manipulation and privilege escalation in Mozilla Maintenance Service

CVE-2019-11753 (High): Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location

CVE-2019-11752 (High): Use-after-free while extracting a key value in IndexedDB

CVE-2019-9812 (High): Sandbox escape through Firefox Sync

CVE-2019-11741 (High): Isolate addons.mozilla.org and accounts.firefox.com

Privacy is not an option, it's a default.

Starting today, we're blocking third-party tracking cookies and cryptominers *automatically* for everyone on all desktop + mobile devices. 🙌

Read more: https://t.co/ZtWuVjvERf — Firefox (@firefox) September 3, 2019

Get A Report of all Vulnerable Firefox Installations

If you currently have Mozilla Firefox deployed on your workstations, it's pretty critical that you update it at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities. Our custom color-coded Vulnerability Audit Report can tell you in no time which devices have an outdated Firefox version in place and need to be patched.

If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Firefox versions in no time.