Firefox has released patches for some of its high and moderate vulnerabilities in Firefox, ESR (Extended Support Release), and Thunderbird products. These vulnerabilities were privately disclosed, and appropriate CVEs and security advisories have been released.
The severity of the released list of vulnerabilities accounts for 4 High, 1 Low, and 8 Moderate.
This vulnerability exists due to the use-after-free condition in which a pointer to the memory is not cleared even after the memory location is freed up.
An attacker can use this to hack the program and use it for malicious purposes. The CVSS Score for this vulnerability is not published yet.
This vulnerability exists in the SpiderMonkey, an open-source JS and WebAssembly engine developed by the Mozilla Foundation. SpiderMonkey has a cross-compartment wrapping feature that wraps a scripted proxy.
This feature allows objects from other compartments to be stored in the main compartment leading to a use-after-free condition.
The CVSS Score and vector for this vulnerability are yet to be published.
This is a memory corruption vulnerability in the Firefox 114, ESR 102.13, and Thunderbird 102.13 versions that attackers could exploit to run arbitrary codes in the system.
The CVSS Score and vector for this vulnerability are yet to be published.
This is a memory corruption vulnerability present in Firefox 114 that threat actors can exploit to run arbitrary codes in the systems.
The CVSS Score and vector for this vulnerability are yet to be published.
| CVE(s) | Description |
| CVE-2023-3482 | Block all cookies bypass for localstorage |
| CVE-2023-37203 | Drag and Drop API may provide access to local system files |
| CVE-2023-37204 | Fullscreen notification obscured via option element |
| CVE-2023-37205 | URL spoofing in address bar using RTL characters |
| CVE-2023-37206 | Insufficient validation of symlinks in the FileSystem API |
| CVE-2023-37207 | Fullscreen notification obscured |
| CVE-2023-37208 | Lack of warning when opening Diagcab files |
| CVE-2023-37209 | Use-after-free in `NotifyOnHistoryReload` |
| CVE-2023-37210 | Full-screen mode exit prevention |
The mentioned vulnerabilities affect Firefox version 114. In order to fix these vulnerabilities, users are recommended to upgrade their Firefox to version 115.
With more than 392 million users, Firefox stands as one of the most used browsers in the world due to its features and security. Security researchers globally prefer Firefox over any other browsers due to its usability and convenience.
“AI-based email security measures Protect your business From Email Threats!” – .
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…