The Mozilla Foundation has patched ten High risk vulnerabilities in Firefox 112, as well as a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
According to the Mozilla Foundation Security Advisory 2023-13, Firefox 112 addressed the following ten High severity vulnerabilities:
- CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
- CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
- CVE-2023-29533: Fullscreen notification obscured
- CVE-2023-29534: Fullscreen notification could have been obscured on Firefox for Android
- MFSA-TMP-2023-0001: Double-free in libwebp
- CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
- CVE-2023-29537: Data Races in font initialization code
- CVE-2023-29550: Memory safety bugs
- CVE-2023-29551: Memory safety bugs.
Mozilla stated some of the memory safety bugs “showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.”
The Firefox 111 update also addressed 12 other vulnerabilities rated Moderate or Low severity.
Finally, Mozilla also released updates for Firefox ESR 102.10 and Thunderbird 102.10.
- Microsoft April 2023 Security Updates Fixes 97 Vulnerabilities (7 Critical, 1 zero-day)
- Apple patches 2 zero-day vulnerabilities in iOS 16.4.1 and macOS Ventura 13.3.1
- Adobe April Security Updates For Acrobat and Reader, Multiple Other Products
- CISA Adds Veritas, Windows and Arm Mali GPU Vulnerabilities To Known Exploited Vulnerabilities Catalog
- Microsoft March 2023 Security Updates Fixes 101 Vulnerabilities (9 Critical, 2 zero-days)