Mozilla Releases Firefox 109 With Fixes For 4 High Severity Vulnerabilities

The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 109, along with a number of other bugs.

An attacker could exploit these vulnerabilities to take control of impacted systems.

According to the Mozilla Foundation Security Advisory 2023-01, Firefox 109 addressed the following four High severity vulnerabilities:

  1. CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files.
  2. CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux.
  3. CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7.
  4. CVE-2023-23606: Memory safety bugs fixed in Firefox 109.

Regarding CVE-2023-23597, Mozilla stated:

“A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read.”

Moreover, Mozilla warned that the memory safety bugs (CVE-2023-23605 and CVE-2023-23606) could be exploited to run arbitrary code.

The Firefox 109 update also addressed six other vulnerabilities rated Moderate or Low severity.

Finally, Mozilla also released updates for Firefox ESR 102.7.
