
Firefox, Chrome Updates Patch High-Severity Vulnerabilities

Mozilla and Google this week announced software updates for Firefox and Chrome that address multiple high-severity vulnerabilities, including memory safety bugs.

On Tuesday, Mozilla released Firefox 119 with patches for 11 vulnerabilities, including three high-severity issues.

The first of the issues, CVE-2023-5721, is an insufficient activation-delay bug that could result in the user unintentionally activating or dismissing browser prompts and dialogs, potentially allowing clickjacking, Mozilla notes in its advisory.

The browser update also addresses multiple memory safety issues collectively tracked as CVE-2023-5730 and CVE-2023-5731, which could potentially allow attackers to execute arbitrary code.

Firefox 119 also arrived with patches for seven medium-severity flaws leading to header leakage, crashes, unexpected errors, the opening of arbitrary URLs, obscured full-screen notifications, and bypass of download protections.

Mozilla also announced the release of Firefox ESR 115.4 and Thunderbird 115.4.1 with patches for eight of the issues addressed with Firefox 119, including CVE-2023-5721 and CVE-2023-5730.

The browser maker makes no mention of any of these vulnerabilities being exploited in malicious attacks.

On Tuesday, Google announced a software update for Chrome that addresses two vulnerabilities, including a high-severity issue reported by an external researcher.

Tracked as CVE-2023-5472, the flaw is described as a use-after-free issue in Profiles. The internet giant handed out a $3,000 reward for the vulnerability report.

Use-after-free bugs in Chrome can be exploited to escape the browser sandbox and potentially execute code on the underlying operating system, provided they can be combined with other flaws in a privileged process. Google has not flagged this vulnerability as being exploited in the wild.

The latest Chrome iteration is now rolling out to users as version 118.0.5993.117 for macOS and Linux and as versions 118.0.5993.117/.118 for Windows.
