The Mozilla Foundation has released Firefox 115 to the stable channel. This update addresses several high-severity vulnerabilities.
One of them, CVE-2023-37201, involved a use-after-free issue in WebRTC certificate generation.
“Possibly cause a use-after-free condition when an attacker creates a WebRTC connection over HTTPS,” Mozilla writes.
Another, CVE-2023-37202, is a use-after-free vulnerability caused by a compartment mismatch in SpiderMonkey (the JavaScript engine used by Firefox).
“A cross-compartment wrapper around a scripted proxy could cause objects from other compartments to be stored in the main compartment, resulting in post-free usage,” the advisory reads.
Meanwhile, CVE-2023-37211 covers memory safety bugs fixed in Firefox 115, ESR 102.13, and Thunderbird 102.13. Similarly, CVE-2023-37212 relates to a memory safety bug fixed specifically in Firefox 115.
“Some of these bugs show evidence of memory corruption, and we believe that with enough effort, some of these could have been exploited to execute arbitrary code,” the company writes.
Other fixes include CVE-2023-3482, which addressed a bypass of cookie blocking for local storage. CVE-2023-37203 addressed potential access to local system files via the drag and drop API. CVE-2023-37204 addressed full screen notification obfuscation.
CVE-2023-37205 addressed URL spoofing in the address bar using RTL characters. CVE-2023-37206 addressed insufficient validation of symbolic links in the FileSystem API. CVE-2023-37207 addressed full screen notification obfuscation.
Finally, CVE-2023-37208 addressed an issue where no warning was displayed when opening Diagcab files. CVE-2023-37209 addressed a use-after-free issue. CVE-2023-37210 addressed fullscreen exit prevention.
Mozilla recommended that users update their Firefox browser to version 115 immediately to benefit from these critical bug fixes and maintain a safe browsing environment.
These patches come a few weeks after Microsoft published its monthly Patch Tuesday roundup.