Firefox has released patches for some of its high and moderate vulnerabilities in Firefox, ESR (Extended Support Release), and Thunderbird products. These vulnerabilities were privately disclosed, and appropriate CVEs and security advisories have been released.
The severity of the released list of vulnerabilities accounts for 4 High, 1 Low, and 8 Moderate.
High Severity Vulnerabilities:
CVE-2023-37201: Use-after-free in WebRTC certificate generation
This vulnerability exists due to the use-after-free condition in which a pointer to the memory is not cleared even after the memory location is freed up.
An attacker can use this to hack the program and use it for malicious purposes. The CVSS Score for this vulnerability is not published yet.
CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey
This vulnerability exists in the SpiderMonkey, an open-source JS and WebAssembly engine developed by the Mozilla Foundation. SpiderMonkey has a cross-compartment wrapping feature that wraps a scripted proxy.
This feature allows objects from other compartments to be stored in the main compartment leading to a use-after-free condition.
The CVSS Score and vector for this vulnerability are yet to be published.
CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13
This is a memory corruption vulnerability in the Firefox 114, ESR 102.13, and Thunderbird 102.13 versions that attackers could exploit to run arbitrary codes in the system.
The CVSS Score and vector for this vulnerability are yet to be published.
CVE-2023-37212: Memory safety bugs fixed in Firefox 115
This is a memory corruption vulnerability present in Firefox 114 that threat actors can exploit to run arbitrary codes in the systems.
The CVSS Score and vector for this vulnerability are yet to be published.
Medium Severity Vulnerabilities
| CVE(s) | Description |
| CVE-2023-3482 | Block all cookies bypass for localstorage |
| CVE-2023-37203 | Drag and Drop API may provide access to local system files |
| CVE-2023-37204 | Fullscreen notification obscured via option element |
| CVE-2023-37205 | URL spoofing in address bar using RTL characters |
| CVE-2023-37206 | Insufficient validation of symlinks in the FileSystem API |
| CVE-2023-37207 | Fullscreen notification obscured |
| CVE-2023-37208 | Lack of warning when opening Diagcab files |
| CVE-2023-37209 | Use-after-free in `NotifyOnHistoryReload` |
| CVE-2023-37210 | Full-screen mode exit prevention |
Affected Products and Fixed Versions
The mentioned vulnerabilities affect Firefox version 114. In order to fix these vulnerabilities, users are recommended to upgrade their Firefox to version 115.
With more than 392 million users, Firefox stands as one of the most used browsers in the world due to its features and security. Security researchers globally prefer Firefox over any other browsers due to its usability and convenience.
“AI-based email security measures Protect your business From Email Threats!” – .
