Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape

December 20, 2023 at 10:21AM

Mozilla announced security updates for Firefox 121 and Thunderbird 115.6 addressing 21 vulnerabilities, including high-severity issues such as a WebGL heap buffer overflow, NSS NIST curves being vulnerable to the Minerva attack, and uninitialized data exposure in EncryptingOutputStream. Both updates also include patches for several memory safety issues. The release notes contain further details.

The key takeaways are:

– Mozilla announced security updates for Firefox 121 and Thunderbird 115.6 to address a total of 21 vulnerabilities, including high-severity ones.
– Firefox 121 addressed 18 vulnerabilities, including a “heap buffer overflow” bug in WebGL and an issue rendering Network Security Services (NSS) NIST curves vulnerable to the Minerva side-channel attack.
– Mozilla also resolved CVE-2023-6865, which could expose uninitialized data in EncryptingOutputStream, impacting the private browsing mode.
– The latest Firefox iteration addresses multiple memory safety issues.
– Thunderbird 115.6 was released with patches for 11 vulnerabilities, two of which are high-severity flaws allowing attackers to spoof email messages or the time a message was sent.
– Firefox ESR 115.6 was also released with patches for 11 security defects.
– Mozilla clarified that there had been no exploitation of these vulnerabilities in attacks.
