January 25, 2024 at 06:48AM
Mozilla announced security updates for Firefox and Thunderbird to patch 15 vulnerabilities, including five high-severity flaws. The first flaw could allow memory corruption and potential denial of service or execution of arbitrary code. Other issues include a failure to update the user input timestamp, an unchecked return value in TLS handshake code, and a stack buffer overflow in WebAudio. Firefox 122 and Thunderbird 115.7 were released with patches for the vulnerabilities.
Mozilla released security updates for Firefox and Thunderbird to address a total of 15 vulnerabilities, five of which are rated ‘high severity’. The high-severity flaws include an out-of-bounds write, a failure to update the user input timestamp, an unchecked return value in TLS handshake code, a bug where JavaScript code could have dereferenced a wild pointer value, and a stack buffer overflow in WebAudio.
Mozilla also patched a medium-severity bug that could have allowed an attacker to set an arbitrary URI in the address bar or history, and another medium-severity bug related to phishing content.
Firefox version 122 was released on January 23 with patches for all 15 security defects. Additionally, Mozilla pushed out Thunderbird 115.7 and Firefox ESR 115.7 with patches for nine of the bugs.
It’s worth noting that Mozilla did not mention any of these vulnerabilities being exploited in the wild. Further details on the resolved issues can be found on Mozilla’s security advisories page.