Mozilla on Tuesday announced the release of Firefox 115 to the stable channel with patches for a dozen vulnerabilities, including two high-severity use-after-free bugs.
Tracked as CVE-2023-37201, the first of the high-severity issues is described as a use-after-free flaw in WebRTC certificate generation.
An open source project, WebRTC enables real-time communication in web browsers and mobile applications, via application programming interfaces (APIs).
“An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS,” Mozilla explains in an advisory.
The second high-severity vulnerability, CVE-2023-37202, is described as a potential use-after-free issue from compartment mismatch in the open source JavaScript and WebAssembly engine SpiderMonkey.
“Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free,” Mozilla says.
The browser maker says the latest Firefox update also addresses high-severity memory safety bugs that might have led to the execution of arbitrary code. The flaws are collectively tracked as CVE-2023-37211 and CVE-2023-37212.
Firefox 115 also includes patches for eight medium-severity vulnerabilities leading to malicious sites placing trackers without permissions, arbitrary code execution, spoofing attacks, URL spoofing, download of files containing malicious code, use-after-free condition, and to tricking users into submitting sensitive data to malicious sites.
This week, Mozilla also announced that Firefox ESR 102.13 and Thunderbird 102.13 were released with patches for five vulnerabilities, including the high-severity use-after-free and memory safety bugs that were addressed in Firefox 115.
Additional information on the resolved vulnerabilities can be found on Mozilla’s security advisories page.
Related: Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
Related: Firefox Updates Patch 10 High-Severity Vulnerabilities
Related: Firefox 107 Patches High-Impact Vulnerabilities
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
