Mozilla Releases Firefox 112 With Fixes For 10 High Severity Vulnerabilities

The Mozilla Foundation has patched ten High risk vulnerabilities in Firefox 112, as well as a number of other bug fixes.

An attacker could exploit these vulnerabilities to take control of impacted systems.

According to the Mozilla Foundation Security Advisory 2023-13, Firefox 112 addressed the following ten High severity vulnerabilities:

  1. CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
  2. CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
  3. CVE-2023-29533: Fullscreen notification obscured
  4. CVE-2023-29534: Fullscreen notification could have been obscured on Firefox for Android
  5. MFSA-TMP-2023-0001: Double-free in libwebp
  6. CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
  7. CVE-2023-29536: Invalid free from JavaScript code
  8. CVE-2023-29537: Data Races in font initialization code
  9. CVE-2023-29550: Memory safety bugs
  10. CVE-2023-29551: Memory safety bugs.

Mozilla stated some of the memory safety bugs “showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.”

The Firefox 112 update also addressed 12 other vulnerabilities rated Moderate or Low severity.

Finally, Mozilla also released updates for Firefox ESR 102.10 and Thunderbird 102.10.

Released Articles