Friday, May 2, 2025
Homecyber securityFirefox, ESR, and Thunderbird Memory Safety Bugs Could Allow Unauthorized Code Execution

Firefox, ESR, and Thunderbird Memory Safety Bugs Could Allow Unauthorized Code Execution

Published on

SIEM as a Service

Follow Us on Google News

Firefox has released patches for some of its high and moderate vulnerabilities in Firefox, ESR (Extended Support Release), and Thunderbird products. These vulnerabilities were privately disclosed, and appropriate CVEs and security advisories have been released.

The severity of the released list of vulnerabilities accounts for 4 High, 1 Low, and 8 Moderate.

High Severity Vulnerabilities:

CVE-2023-37201: Use-after-free in WebRTC certificate generation

This vulnerability exists due to the use-after-free condition in which a pointer to the memory is not cleared even after the memory location is freed up.

- Advertisement - Google News

An attacker can use this to hack the program and use it for malicious purposes. The CVSS Score for this vulnerability is not published yet.

CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey

This vulnerability exists in the SpiderMonkey, an open-source JS and WebAssembly engine developed by the Mozilla Foundation. SpiderMonkey has a cross-compartment wrapping feature that wraps a scripted proxy.

This feature allows objects from other compartments to be stored in the main compartment leading to a use-after-free condition.

The CVSS Score and vector for this vulnerability are yet to be published.

CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

This is a memory corruption vulnerability in the Firefox 114, ESR 102.13, and Thunderbird 102.13 versions that attackers could exploit to run arbitrary codes in the system.

The CVSS Score and vector for this vulnerability are yet to be published.

CVE-2023-37212: Memory safety bugs fixed in Firefox 115

This is a memory corruption vulnerability present in Firefox 114 that threat actors can exploit to run arbitrary codes in the systems.

The CVSS Score and vector for this vulnerability are yet to be published.

Medium Severity Vulnerabilities

CVE(s)Description
CVE-2023-3482Block all cookies bypass for localstorage
CVE-2023-37203Drag and Drop API may provide access to local system files
CVE-2023-37204Fullscreen notification obscured via option element
CVE-2023-37205URL spoofing in address bar using RTL characters
CVE-2023-37206Insufficient validation of symlinks in the FileSystem API
CVE-2023-37207Fullscreen notification obscured
CVE-2023-37208Lack of warning when opening Diagcab files
CVE-2023-37209Use-after-free in `NotifyOnHistoryReload`
CVE-2023-37210Full-screen mode exit prevention

Affected Products and Fixed Versions

The mentioned vulnerabilities affect Firefox version 114. In order to fix these vulnerabilities, users are recommended to upgrade their Firefox to version 115.

With more than 392 million users, Firefox stands as one of the most used browsers in the world due to its features and security. Security researchers globally prefer Firefox over any other browsers due to its usability and convenience.

“AI-based email security measures Protect your business From Email Threats!” – .

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...