Multiple Vulnerabilities in Mozilla Products

Risk Level: High.

Components Affected

  • Mozilla Firefox ESR versions prior to 115.5.0
  • Mozilla Firefox for iOS versions prior to 120
  • Mozilla Firefox versions prior to 120
  • Mozilla Thunderbird versions prior to 115.5
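
A version check against the fixed releases listed above, as an added example that is not part of the original advisory. It assumes inventory entries are version strings in the form printed by `firefox --version` or `thunderbird --version`; the function names and sample inventory are constructed for illustration. ESR builds are compared against 115.5.0 rather than 120, so a patched ESR install is not flagged.

```python
import re

# Fixed versions, taken from the "Components Affected" list of this advisory.
# Firefox for iOS is omitted: it has no command-line version banner to parse.
FIXED = {
    "firefox": (120,),
    "firefox-esr": (115, 5, 0),
    "thunderbird": (115, 5),
}

# Assumed banner format, e.g. "Mozilla Firefox 115.4.0esr" or "Thunderbird 115.4.2".
_BANNER = re.compile(
    r"(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE
)

def parse(banner):
    """Return (product, version_tuple), or None if the banner is not recognised."""
    m = _BANNER.search(banner)
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"  # ESR has its own fixed version
    return product, tuple(int(p) for p in m.group(2).split("."))

def is_affected(banner):
    """True if older than the fixed release, False if not, None if unparseable."""
    parsed = parse(banner)
    if parsed is None:
        return None
    product, version = parsed
    fixed = FIXED[product]
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 120.0 equals 120
    return pad(version) < pad(fixed)

def audit(inventory):
    """Map host -> banner for every host whose build predates the fix."""
    return {host: b for host, b in inventory.items() if is_affected(b)}

# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "ws-01": "Mozilla Firefox 119.0.1",
    "ws-02": "Mozilla Firefox 120.0",
    "ws-03": "Mozilla Firefox 115.4.0esr",
    "ws-04": "Mozilla Firefox 115.5.0esr",
    "ws-05": "Mozilla Thunderbird 115.4.2",
}

if __name__ == "__main__":
    for host, banner in audit(SAMPLE).items():
        print(f"{host}: {banner} predates the fixed release")
```

Entries for which `is_affected` returns `None` were not recognised and need a manual check.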

Overview

Multiple vulnerabilities have been reported in Mozilla products which could allow a remote attacker to perform data manipulation, elevation of privilege, denial of service, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

Description

These vulnerabilities exist in Mozilla products due to out-of-bounds memory access in WebGL2 blitFramebuffer, use-after-free in MessagePort::Entangled and ReadableByteStreamQueueEntry::Buffer, clickjacking of permission prompts using the fullscreen transition, the potential for copying contents into the X11 primary selection through the Selection API, incorrect parsing of relative URLs starting with “///”, mixed-content resources not blocked in a javascript: pop-up, clickjacking enabling the loading of insecure pages in HTTPS-only mode, and memory safety bugs. Furthermore, there is a potential privilege escalation in ReaderMode and HTML injection in %READER-BYLINE% of ReaderMode.

Impact

  • Remote Code Execution
  • Data Manipulation
  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Sensitive Information Disclosure

Solution/Workarounds

Apply appropriate fixes issued by the vendor:

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.