Mozilla on Tuesday introduced security updates for each Firefox and Thunderbird, addressing a complete of 9 vulnerabilities in its merchandise, together with high-severity flaws.
Firefox 118 was launched to the steady channel with patches for all 9 vulnerabilities – all are reminiscence points, most of which may result in exploitable crashes.
Tracked as CVE-2023-5168 and CVE-2023-5169, the primary two high-severity flaws are described as out-of-bounds write points within the browser’s FilterNodeD2D1 and PathOps elements. In keeping with Mozilla, each may result in “a probably exploitable crash in a privileged course of”.
The third bug, CVE-2023-5170, is a reminiscence leak concern that “might be used to impact a sandbox escape if the proper information was leaked”, Mozilla explains in its advisory.
One other high-severity vulnerability was patched within the Ion compiler. Tracked as CVE-2023-5171 and described as a use-after-free situation, the bug allowed an attacker to write down two NUL bytes, inflicting a probably exploitable crash.
Firefox 118 additionally patches CVE-2023-5172, a reminiscence corruption in Ion Hints that might result in a use-after-free situation and a probably exploitable crash.
The browser replace additionally resolves a number of high-severity reminiscence security bugs which might be collectively tracked as CVE-2023-5176. In keeping with Mozilla, “with sufficient effort”, an attacker may exploit a few of these flaws to execute arbitrary code.
The three remaining points patched with the discharge of Firefox 118 are medium- and low-severity reminiscence bugs.
On Tuesday, Mozilla introduced the discharge of Firefox ESR 115.3 and Thunderbird 115.3 with patches for 5 vulnerabilities every. These embrace 4 of the high-severity flaws and one medium-severity bug that Firefox 118 addresses.
Mozilla makes no point out of any of those vulnerabilities being exploited in malicious assaults. Extra particulars may be discovered on Mozilla’s security advisories web page.
