Monday, July 1, 2024

Mozilla fixed high-severity bugs in Firefox and Thunderbird mail client

Security Affairs

Mozilla has released security updates to the Firefox browser and Thunderbird mail client to address several vulnerabilities.

Mozilla has released a security update to address multiple vulnerabilities in the Firefox browser and Thunderbird mail client. The company fixed 13 vulnerabilities in the Firefox browser with the Firefox 95 release, including six high-severity defects.

The most serious of these flaws could allow an attacker to execute arbitrary code within the context of a vulnerable application, potentially leading to complete system compromise.

Firefox fixed a URL leak when navigating while running an asynchronous function, tracked as CVE-2021-43536.

“Under certain circumstances, an async function may have caused the navigation to fail, but expose the target URL,” reads the advisory published by Mozilla.

Another bug fixed in the latest release is the missing full screen and pointer lock notifications when both are requested (CVE-2021-43538). An attacker could misuse a race condition in the notification code to forcibly hide notifications for pages that received full-screen and pointer-lock access, which could be exploited in a spoofing attack.

Another vulnerability addressed by Mozilla is a GC rooting failure when calling a wasm instance method, tracked as CVE-2021-43539. Other high-severity issues patched by the company affect Firefox, Firefox ESR, and Thunderbird.

Mozilla also fixed a memory safety bug in Firefox 95 and Firefox ESR 91.4 that could lead to arbitrary code execution.

“Some of these bugs have shown evidence of memory corruption, and we presume that, with sufficient effort, some of these bugs can be exploited to run arbitrary code,” the advisory states.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory urging organizations to apply security patches.

“Mozilla has released a security update to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker who could exploit some of these vulnerabilities could take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox 95, Firefox ESR 91.4.0, and Thunderbird 91.4.0 and apply any necessary updates,” reads the advisory issued by CISA.


Pierluigi Paganini

(SecurityAffairs: hacking, Mozilla)





