Mozilla has rolled out Firefox 121, which brings updates addressing 18 vulnerabilities, five of which carry a 'high' severity rating. This release not only fortifies the browser against potential exploits but also underscores Mozilla's commitment to user safety.
CVE-2023-6856
The foremost among the addressed vulnerabilities is CVE-2023-6856, a heap buffer overflow bug in WebGL. This JavaScript API, responsible for rendering interactive graphics, was susceptible to exploitation on systems equipped with the Mesa VM driver. The vulnerability could lead to remote code execution and sandbox escape, emphasizing the critical nature of the patch.
CVE-2023-6135
Another noteworthy fix in Firefox 121 is CVE-2023-6135, addressing a vulnerability in the NIST curves of Network Security Services (NSS). The affected curves were susceptible to the Minerva side-channel attack, which posed a risk of adversaries recovering the long-term private key. The update ensures a more robust defense against potential security breaches.
CVE-2023-6865
Mozilla has also resolved CVE-2023-6865, a bug exposing uninitialized data in EncryptingOutputStream. The flaw could be exploited to write data to a local disk, which has implications for private browsing mode. The swift resolution underlines the proactive stance of Firefox in safeguarding user privacy.
CVE-2023-6873 and CVE-2023-6864
Firefox 121 incorporates crucial updates addressing multiple memory safety issues tracked collectively as CVE-2023-6873 and CVE-2023-6864. These updates not only bolster the browser’s overall stability but also extend their impact to Firefox ESR and Thunderbird, ensuring a comprehensive approach to security.
Besides the high-severity fixes, Mozilla patched eight medium-severity flaws, which include heap buffer overflow, use-after-free, and sandbox escape issues. Additionally, five low-severity bugs have been addressed, collectively contributing to a more resilient browsing experience.
Mozilla has also announced the release of Thunderbird 115.6, addressing 11 vulnerabilities, nine of which overlap with those resolved in Firefox 121. This coordinated approach underscores Mozilla’s commitment to fortifying not just its flagship browser but also its associated email client.
Mozilla’s prompt response to identified vulnerabilities in Firefox 121 showcases its dedication to user security. As users continue to rely on web browsers for various online activities, these security enhancements serve as a testament to Mozilla’s ongoing efforts to stay one step ahead of potential threats. By keeping its software ecosystem fortified, Mozilla ensures a safer digital experience for its users.
The sources for this article include a story from SecurityWeek.
*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/security-vulnerabilities-addressed-in-firefox-121/