HIGH-SEVERITY VULNERABILITIES IN OLDER VERSIONS OF FIREFOX FIXED IN VERSION 116

Firefox, the sleek fox himself (pun intended), has released patches for over fourteen CVEs in the version 116 update. The update fixes high-severity vulnerabilities affecting older versions of the widely used browser.

Although Firefox is not commonly used globally, it still accounted for over 2.79% of users across all continents between August 2022 and July 2023, according to StatCounter.

On Tuesday (01-August-2023), the organization announced the release of new versions, namely Firefox 116, Firefox ESR 115.1 and Firefox ESR 102.14, which fix multiple high-severity vulnerabilities.

The update fixes nine high-severity vulnerabilities, which a malicious attacker could exploit for remote code execution (RCE) or sandbox escapes, and three of the CVEs are patches for memory safety bugs in Firefox.

The CVEs fixed are the following:

  1. CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions (High).
  2. CVE-2023-4046: Incorrect value used during WASM compilation (High).
  3. CVE-2023-4047: Potential permissions request bypass via clickjacking (High).
  4. CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions (High).
  5. CVE-2023-4049: Fix potential race conditions when releasing platform objects (High).
  6. CVE-2023-4050: Stack buffer overflow in StorageManager (High).
  7. CVE-2023-4051: Full screen notification obscured by file open dialog (Moderate).
  8. CVE-2023-4052: File deletion and privilege escalation through Firefox uninstaller (Moderate).
  9. CVE-2023-4053: Full screen notification obscured by external program (Moderate).
  10. CVE-2023-4054: Lack of warning when opening appref-ms files (Moderate).
  11. CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state (Low).
  12. CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (High).
  13. CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 (High).
  14. CVE-2023-4058: Memory safety bugs fixed in Firefox 116 (High).

HOW TO MANUALLY UPDATE YOUR FIREFOX BROWSER TO THE LATEST VERSION ON WINDOWS:

  • Step 01:

    Open your Firefox browser, open the customize and control menu by clicking the three horizontal lines at the top right, and then click the Help menu.

    [Figure: Clicking the three horizontal lines at the top right to open the customize and control menu.]

  • Step 02:

    Scroll down to the About Firefox menu item and click it.

  • Step 03:

    The About Mozilla Firefox window pops up and automatically starts applying security updates.

    [Figure: Firefox immediately communicates with the server and starts applying the released security updates or new version.]

  • Step 04:

    The security updates are successfully applied, and Firefox prompts the user to click the Restart to Update Firefox button.

    [Figure: Firefox displays a restart button; the security or newer updates are applied after it has been clicked.]

  • Step 05:

    Firefox reopens with a new tab showing a link for the new version and the previous version. The window shows a congratulatory message that your Firefox browser is running the latest version.

    [Figure: The browser relaunches after applying security updates, with a new tab opened and the update message displayed.]

  • Step 06:

    To be sure that the browser was successfully updated, repeat Step 01 and Step 02, as shown above.

    [Figure: Verifying that the browser has been updated and the security patches have been successfully applied.]
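To carry the Step 06 check across many machines, the following added example (not part of the original article, and not Mozilla's code) compares reported version strings against the fixed versions named above: Firefox 116, Firefox ESR 115.1 and Firefox ESR 102.14. The hostnames, the sample strings and the `Mozilla Firefox <version>` input format are assumptions made for illustration.

```python
import re

# Minimum fixed versions named in the article, per release channel.
FIXED = {
    "release": (116, 0, 0),  # Firefox 116
    "esr115": (115, 1, 0),   # Firefox ESR 115.1
    "esr102": (102, 14, 0),  # Firefox ESR 102.14
}

# Matches "116.0", "115.1.0esr", "102.13.0esr (64-bit)"; the lookarounds reject
# partial matches inside pre-release strings such as "116.0b8".
VERSION_RE = re.compile(r"(?<![\w.])(\d+)\.(\d+)(?:\.(\d+))?(esr)?(?![\w.])", re.I)


def classify(version_string):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_string)
    if m is None:
        return "unknown"  # unparseable or pre-release: needs a manual look
    found = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if m.group(4):  # ESR build: compare within its own branch
        floor = FIXED.get(f"esr{found[0]}")
        if floor is None:
            # Assumption: ESR branches newer than 115 postdate these fixes,
            # branches older than 102 never received them.
            return "patched" if found[0] > 115 else "vulnerable"
        return "patched" if found >= floor else "vulnerable"
    return "patched" if found >= FIXED["release"] else "vulnerable"


def needs_update(inventory):
    """Map of host -> status for every host that is not confirmed patched."""
    statuses = {host: classify(v) for host, v in inventory.items()}
    return {h: s for h, s in statuses.items() if s != "patched"}


# Constructed inventory (hostnames and version strings are sample data).
SAMPLE = {
    "ws-01": "Mozilla Firefox 116.0",
    "ws-02": "Mozilla Firefox 115.0.2",
    "ws-03": "Mozilla Firefox 115.1.0esr",
    "ws-04": "Mozilla Firefox 102.13.0esr",
    "ws-05": "Mozilla Firefox 116.0b8",
}

if __name__ == "__main__":
    for host, status in needs_update(SAMPLE).items():
        print(f"{host}: {status}")
```

ESR builds are compared only against the fix for their own branch, so a 115.0.x ESR install is flagged even though its number is higher than 102.14.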

Mozilla made no mention of these weaknesses having been exploited at the time these security updates were released.

We advise users who have yet to update their browsers to the latest versions provided to do so speedily. You can learn more about the vulnerability patch releases on Mozilla's official website.

 

 

 
