Connect with us

Hi, what are you looking for?



Firefox 122 Patches 15 Vulnerabilities

Updates released for Firefox and Thunderbird resolve 15 vulnerabilities, including five high-severity bugs.

Mozilla on Wednesday announced security updates for both Firefox and Thunderbird, to patch 15 vulnerabilities, including five rated ‘high severity’.

The first high-severity flaw is an out-of-bounds write in ANGLE (Almost Native Graphics Layer Engine), the open source graphics engine used as the default WebGL backend in both Firefox and Chrome.

Tracked as CVE-2024-0741, the issue could be exploited to corrupt memory and cause a crash that could potentially lead to denial of service or arbitrary code execution.

The second issue, CVE-2024-0742, is described as a “failure to update user input timestamp”, allowing the user to unintentionally activate or dismiss certain browser prompts and dialogs.

Other high-severity flaws Mozilla resolved include CVE-2024-0743, which exists because of an unchecked return value in TLS handshake code, CVE-2024-0744, a bug where JavaScript code could have dereferenced a wild pointer value, and CVE-2024-0745, a stack buffer overflow in WebAudio.

Mozilla also patched a medium-severity bug that “could have allowed an attacker to set an arbitrary URI in the address bar or history,” and another where “a phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar”.

All the remaining vulnerabilities are medium-severity flaws leading to crashes, bypass of Content Security Policy, permissions request bypass, privilege escalation, or HSTS policy bypass.

Firefox 122 was released on January 23 with patches for all 15 security defects. Mozilla also pushed out Thunderbird 115.7 and Firefox ESR 115.7 with patches for nine of the bugs.

Advertisement. Scroll to continue reading.

Mozilla makes no mention of any of these vulnerabilities being exploited in the wild. Additional information on the resolved issues can be found on the browser maker’s security advisories page.

Related: Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape

Related: Firefox, Chrome Updates Patch High-Severity Vulnerabilities

Related: Firefox 118 Patches High-Severity Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.