Multiple Vulnerabilities in Mozilla Products

Risk Level: High.

Components Affected

  • Firefox ESR versions prior to 115.4
  • Firefox for iOS versions prior to 119
  • Firefox versions prior to 119
  • Thunderbird versions prior to 115.4.1

Overview

Multiple vulnerabilities were identified in Mozilla products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, sensitive information disclosure, spoofing, denial of service and remote code execution on the targeted system.

Description

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Details of some of the severe vulnerabilities are as follows:

  • Queued up rendering could have allowed websites to clickjack (CVE-2023-5721)
  • Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 (CVE-2023-5730)
  • Memory safety bugs fixed in Firefox 119 (CVE-2023-5731)
  • Cross-Site Scripting (XSS) in reader mode (CVE-2023-5758)

Impact

  • Denial of Service
  • Remote Code Execution (CVE-2023-5730)
  • Spoofing
  • Information Disclosure
  • Cross-Site Scripting

Solution/Workarounds

Before installation of the software, please visit the software vendor website for more details.

Apply fixes issued by the vendor:

  • Update to Firefox ESR 115.4
  • Update to Firefox for iOS 119
  • Update to Firefox 119
  • Update to Thunderbird 115.4.1
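
To check an inventory of desktop installs against the fixed versions listed above, the following added example (not part of the original advisory) classifies `--version` output strings. The "Mozilla Firefox 115.3.1esr" output format, the `esr` suffix as the ESR marker, and the sample lines are assumptions constructed for illustration; Firefox for iOS is not covered.

```python
import re

# Fixed versions taken from the advisory's "Apply fixes" list.
FIXED = {"firefox": (119,), "firefox-esr": (115, 4), "thunderbird": (115, 4, 1)}

# Assumption: `<binary> --version` prints e.g. "Mozilla Firefox 115.3.1esr".
VERSION_RE = re.compile(
    r"^(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?\s*$", re.I)


def parse(line):
    """Return (product_key, version_tuple), or None for unrecognised input."""
    m = VERSION_RE.match(line.strip())
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        # ESR has its own fixed version; comparing it to 119 would
        # wrongly flag a patched ESR 115.4 install.
        product = "firefox-esr"
    return product, tuple(int(p) for p in m.group(2).split("."))


def pad(version, width):
    """Right-pad with zeros so 115.4 and 115.4.0 compare as equal."""
    return version + (0,) * (width - len(version))


def needs_update(line):
    """True if below the fixed version, False if not, None if unknown."""
    parsed = parse(line)
    if parsed is None:
        return None
    product, version = parsed
    fixed = FIXED[product]
    width = max(len(version), len(fixed))
    # Numeric tuple comparison: 115.10 is newer than 115.4, unlike a string compare.
    return pad(version, width) < pad(fixed, width)


# Constructed sample inventory, not real scan output.
SAMPLE = ["Mozilla Firefox 118.0.2", "Mozilla Firefox 115.3.1esr",
          "Mozilla Firefox 115.10.0esr", "Mozilla Thunderbird 115.4.0"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{entry!r}: needs update = {needs_update(entry)}")
```
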

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.