Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird


Mozilla Foundation strongly advises all users of these products to update to the latest versions to ensure their systems are protected against this critical security vulnerability.

Mozilla Foundation has released critical security updates for its web browser, Firefox, as well as its email client, Thunderbird, in response to a significant security vulnerability. This vulnerability, identified as CVE-2023-5217, could potentially allow attackers to execute malicious code on the affected system.

This is the same critical vulnerability for which Google released urgent security patches for the Chrome browser on September 28th, 2023. These patches are designed to protect users from potential spyware attacks.

The Vulnerability

The security flaw, reported by Clément Lecigne of Google’s Threat Analysis Group, centers around a heap buffer overflow in libvpx, a critical component of the Firefox web browser. This vulnerability is particularly concerning as it involves the specific handling of an attacker-controlled VP8 media stream. If successfully exploited, it could lead to a heap buffer overflow within the content process, which could, in turn, enable attackers to execute arbitrary code.

Severity

Mozilla has classified this vulnerability as critical, indicating the seriousness of the threat it poses. Moreover, the foundation has acknowledged that this issue has been actively exploited in other products in the wild, underlining the urgency of addressing it.

Affected Products and Fixes

The security update is applicable to several Mozilla products, including:

  • Firefox: The vulnerability has been addressed in Firefox version 118.0.1.
  • Firefox ESR (Extended Support Release): The fix is available in Firefox ESR version 115.3.1.
  • Firefox Focus for Android: Users can secure their browsing experience by updating to version 118.1.0.
  • Firefox for Android: The vulnerability has been patched in Firefox for Android version 118.1.0.
  • Thunderbird: Users of the Thunderbird email client can protect their communications by updating to version 115.3.1.

Mozilla Foundation strongly advises all users of these products to update to the latest versions to ensure their systems are protected against this critical security vulnerability.

Action Required

To safeguard your web browsing and email communication, it is highly recommended that you promptly update your Firefox browser and Thunderbird email client to the versions specified above. Regularly keeping your software up to date is a fundamental best practice for online security.

For more detailed information on this security vulnerability, you can refer to the official CVE-2023-5217 records and Mozilla’s bug reports at the following links:

  1. Google reveals spyware attack on Android, iOS, and Chrome
  2. Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
  3. Fake Chrome Browser Update Installs NetSupport Manager RAT
  4. Mozilla releases Firefox 86 equipped with ‘Total Cookie Protection’
  5. Hackers using malicious Firefox extension to phish Gmail credentials





Source link