The Mozilla Foundation has patched three High risk vulnerabilities in Firefox 115, as well as a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
According to the Mozilla Foundation Security Advisory 2023-24, Firefox 115 addressed the following three High severity vulnerabilities:
- CVE-2023-37201: Use-after-free in WebRTC certificate generation
- CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey
- CVE-2023-37211: Memory safety bugs fixed.
Mozilla stated some of the memory safety bugs “showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.”
The Firefox 115 update also addressed two other vulnerabilities rated Moderate severity.
Finally, Mozilla fixed multiple security vulnerabilities in Firefox ESR 102.13 Mozilla Foundation Security Advisory 2023-23 and Thunderbird 102.13 Mozilla Foundation Security Advisory 2023-22.