Mozilla has released Firefox 129, addressing multiple high-severity vulnerabilities. These patches are critical for enhancing the browser’s security and protecting users from potential exploits.
Detailed Vulnerability Table
The latest Firefox update patches several critical vulnerabilities, each significantly impacting user security. Below is a summary of the most notable issues:
CVE ID | Impact | Description | References |
CVE-2024-7518 | High | The fullscreen notification dialog can be obscured by document content. | Bug 1875354 |
CVE-2024-7519 | High | Out-of-bounds memory access in graphics shared memory handling. | Bug 1902307 |
CVE-2024-7520 | High | Type confusion in WebAssembly. | Bug 1903041 |
CVE-2024-7521 | High | Incomplete WebAssembly exception handling. | Bug 1904644 |
CVE-2024-7522 | High | Out of bounds read in editor component. | Bug 1906727 |
CVE-2024-7523 | High | Document content could partially obscure security prompts (affects Android versions). | Bug 1908344 |
CVE-2024-7524 | High | CSP strict-dynamic bypass using web-compatibility shims. | Bug 1909241 |
CVE-2024-7525 | High | Missing permission check when creating a StreamFilter. | Bug 1909298 |
CVE-2024-7526 | High | Uninitialized memory used by WebGL. | Bug 1910306 |
CVE-2024-7527 | High | Use-after-free in JavaScript garbage collection. | Bug 1871303 |
CVE-2024-7528 | High | Use-after-free in IndexedDB. | Bug 1895951 |
CVE-2024-7529 | Moderate | Document content could partially obscure security prompts. | Bug 1903187 |
CVE-2024-7530 | Moderate | Use-after-free in JavaScript code coverage collection. | Bug 1904011 |
CVE-2024-7531 | Low | PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines. | Bug 1910306 |
The vulnerabilities addressed in this update pose significant risks, including potential spoofing attacks, memory corruption, sandbox escapes, and unauthorized data access.
For instance, CVE-2024-7518 could allow a malicious site to obscure fullscreen notification dialogs, potentially tricking users into performing unintended actions.
Similarly, CVE-2024-7519 involves out-of-bounds memory access, which could lead to memory corruption and sandbox escapes. Given the high impact of these vulnerabilities, users are strongly advised to update their Firefox browsers to version 129 immediately.
This update enhances security and ensures a safer browsing experience by mitigating the risks associated with these vulnerabilities.
Mozilla’s proactive approach to addressing these issues underscores the importance of regular software updates and vigilance in cybersecurity practices. Users should remain informed about such updates and apply them promptly to protect their data and privacy.