There has been a known vulnerability with Firfox versions 47 and below.
Integer overflow in WebSockets during data buffering — Mozilla
You need Firefox 48.x to mitigate the vulnerability. Is that patch available through SolarWinds Patch Manager? I can't find it anywhere.
Has there been any update as to when this package will be released? Mozilla announced the vulnerability on August 2nd.
Solarwinds said they have given patch manager to a new internal team who is learning how to do things. Its not looking good at this point in terms of speed and accuracy like it had been. I thought it was bad to wait a day or two before but now its getting crazy
I cannot wait any longer so I have created my own package. I copied the 47.0 package, changed the Name, Bulletin ID and CVE to the correct one. When I reached the "Select Package" screen, changed the direct download URL to the following: https://download-installer.cdn.mozilla.net/pub/firefox/releases/48.0/win32/en-US/Firefox Setup 48.0.exe
The package downloaded successfully and even verified that it was signed by Mozilla. I then made slight changed to the applicability rules and installed rules (changed version from 47.0.0 to 48.0.0. I have not deployed it yet to make sure it installs correctly but as soon as I do, I will post the results
Success...The package worked and installed successfully on a machine that had v47 installed.
Its a shame we have to do this but thank you for sharing it and the results with the community
