Mozilla this week announced the release of Firefox 110 and Firefox ESR 102.8 with patches for 10 high-severity vulnerabilities.
Tracked as CVE-2023-25728, the first of the security defects could result in an attacker being able to leak a child iframe’s unredacted URI, provided that a redirect is triggered when interacting with that iframe.
The latest Firefox releases also resolve a flaw related to screen hijacking via browser fullscreen mode. Tracked as CVE-2023-25730, the issue exists because a background script could invoke the fullscreen mode and then block the main thread to force the mode indefinitely.
Successful exploitation of the vulnerability, Mozilla explains in its advisory, could result in potential user confusion or spoofing attacks.
The browser maker also resolved an issue in Firefox Focus, where fullscreen notifications would not be shown, thus potentially allowing malicious websites to spoof the browser chrome (CVE-2023-25743).
Another issue resolved this week can allow an attacker to craft a PKCS 12 certificate bundle so that it would allow for arbitrary memory writes via mishandling of PKCS 12 SafeBag attributes (CVE-2023-0767).
Mozilla also resolved a vulnerability in SpiderMonkey (CVE-2023-25735) that could result in cross-compartment wrappers causing the storing of objects from other compartments in the main compartment when wrapping a scripted proxy.
Tracked as CVE-2023-25735, the issue would trigger a use-after-free after the unwrapping of the proxy, Mozilla says.
Three other high-severity vulnerabilities resolved this week could lead to undefined behavior via an invalid downcast (CVE-2023-25737), Firefox crashes when printing on Windows (CVE-2023-25738), or a use-after-free due to a missing check on failed module load requests (CVE-2023-25739).
Additionally, Mozilla announced patches for multiple memory safety bugs impacting Firefox 109 and Firefox ESR 102.7, which are tracked collectively as CVE-2023-25744 and CVE-2023-25745.
Firefox 110 and Firefox ESR 102.8 also arrived with patches for several medium- and low-severity vulnerabilities.
Related: Firefox 107 Patches High-Impact Vulnerabilities
Related: Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird
Related: Firefox 102 Patches 19 Vulnerabilities, Improves Privacy
