Monday, October 7, 2024

Firefox Memory Corruption Flaw Let Attacker Execute Arbitrary Code


Mozilla Firefox 119 was released with updates for 11 vulnerabilities, including three issues of high severity, seven issues of moderate severity, and one issue of low severity.

Notably, the update also fixes memory safety bugs tracked as CVE-2023-5730 and CVE-2023-5731, which could allow an attacker to run arbitrary code.

High-Severity Issues Addressed

The first, tracked as CVE-2023-5721 ("Queued up rendering"), might have allowed websites to clickjack.


Because of an insufficient activation delay, certain browser prompts and dialogs could be triggered or dismissed accidentally by the user. The issue was reported by Kelsey Gilbert.

The second high-severity vulnerability, CVE-2023-5730, covers memory safety bugs fixed in Thunderbird 115.4.1, Firefox 119, and Firefox ESR 115.4.

“Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,” Mozilla said.

The issue was reported by Jed Davis, Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team.

The third high-severity issue, CVE-2023-5731, covers memory safety bugs fixed in Firefox 119.

Mozilla stated that this memory corruption could likewise let attackers run arbitrary code.

Moderate and Low Severity Issues Fixed

Firefox 119 also includes patches for seven moderate-severity flaws, covering a bypass of download protections (CVE-2023-5727), crashes (CVE-2023-5724), unexpected errors (CVE-2023-5723), the opening of arbitrary URLs (CVE-2023-5725), and obscured full-screen notifications (CVE-2023-5729).

A low-severity flaw, CVE-2023-5729 ("Fullscreen notification dialog could have been obscured by WebAuthn prompts"), has also been fixed.

Along with Firefox 119, Mozilla also announced the release of Thunderbird 115.4.1 and Firefox ESR 115.4, which include updates for eight vulnerabilities, including CVE-2023-5721 and CVE-2023-5730.

Mozilla has not disclosed any evidence of these vulnerabilities being exploited in the wild.
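For defenders tracking patch status, the following is an added example (not code from the article or from Mozilla) that compares an installed Firefox, Firefox ESR, or Thunderbird version against the fixed versions named above: Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1. It assumes that `<binary> --version` prints a line such as "Mozilla Firefox 119.0", and it treats a Firefox build on the 115 major version, or one whose version string carries an "esr" suffix, as the ESR branch; both are assumptions made for this example, not facts stated in the article.

```python
import re
import shutil
import subprocess

# Minimum fixed versions named in the Mozilla release covered above.
FIXED_VERSIONS = {
    "firefox": (119, 0),
    "firefox-esr": (115, 4),
    "thunderbird": (115, 4, 1),
}


def parse_version(text):
    """Return the first dotted numeric version in text as a tuple of ints.

    Accepts strings such as 'Mozilla Firefox 119.0', '115.3.1esr' or '118.0.2'.
    """
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def classify(product, version_text):
    """Decide whether version_text of product includes the fixes described above.

    Returns (is_patched, branch, required_version). Assumption (not from the
    article): a Firefox build on the 115 major version, or one whose version
    string carries an 'esr' suffix, is on the ESR branch and is compared against
    ESR 115.4 rather than against mainline Firefox 119.
    """
    version = parse_version(version_text)
    branch = product.lower()
    if branch == "firefox" and (version[0] == 115 or "esr" in version_text.lower()):
        branch = "firefox-esr"
    required = FIXED_VERSIONS[branch]
    # Tuple comparison handles differing lengths: (115, 4, 1) >= (115, 4) is True,
    # while (115, 4) >= (115, 4, 1) is False, so Thunderbird 115.4 counts as unpatched.
    return version >= required, branch, required


def installed_version(binary):
    """Run '<binary> --version' and return its output, or None if the binary is absent.

    Assumes (not stated in the article) that the binary prints a line like
    'Mozilla Firefox 119.0'.
    """
    path = shutil.which(binary)
    if path is None:
        return None
    result = subprocess.run([path, "--version"], capture_output=True, text=True, check=False)
    return result.stdout.strip() or None


def report(checks):
    """Format one status line per (product, version_text) pair for an inventory report."""
    lines = []
    for product, version_text in checks:
        patched, branch, required = classify(product, version_text)
        need = ".".join(str(part) for part in required)
        status = "patched" if patched else f"UPDATE REQUIRED (needs {branch} {need})"
        lines.append(f"{product:<12} {version_text:<28} {status}")
    return lines


if __name__ == "__main__":
    # Constructed sample inventory; on a real host, feed installed_version("firefox") etc.
    sample = [
        ("firefox", "Mozilla Firefox 118.0.2"),
        ("firefox", "Mozilla Firefox 119.0"),
        ("firefox", "Mozilla Firefox 115.3.1esr"),
        ("thunderbird", "Thunderbird 115.4.0"),
    ]
    print("\n".join(report(sample)))
```

Running the script prints one line per product, flagging the mainline 118.0.2 build, the 115.3.1 ESR build, and Thunderbird 115.4.0 as needing the update while accepting Firefox 119.0. The ESR split matters because a version-only check that compared every Firefox build against 119 would wrongly flag a fully patched ESR 115.4 installation.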


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
