Firefox, the sleek fox himself (pun intended), has released patches for over fourteen CVEs in the version 116 update. The update fixes high-severity vulnerabilities affecting older versions of the widely used browser.
Although Firefox is not commonly used globally, it still accounted for over 2.79% of users across all continents between August 2022 and July 2023, according to StatCounter.
On Tuesday (01-August-2023), the organization announced the release of the following new versions: Firefox 116, Firefox ESR 115.1 and Firefox ESR 102.14, which fix multiple high-severity vulnerabilities.
The update addresses nine high-severity vulnerabilities, which a malicious attacker could exploit for remote code execution (RCE) or sandbox escapes, and three of the CVEs are patches for memory safety bugs in Firefox.
The CVEs fixed are the following:
- CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions (High).
- CVE-2023-4046: Incorrect value used during WASM compilation (High).
- CVE-2023-4047: Potential permissions request bypass via clickjacking (High).
- CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions (High).
- CVE-2023-4049: Fix potential race conditions when releasing platform objects (High).
- CVE-2023-4050: Stack buffer overflow in StorageManager (High).
- CVE-2023-4051: Full screen notification obscured by file open dialog (Moderate).
- CVE-2023-4052: File deletion and privilege escalation through Firefox uninstaller (Moderate).
- CVE-2023-4053: Full screen notification obscured by external program (Moderate).
- CVE-2023-4054: Lack of warning when opening appref-ms files (Moderate).
- CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state (Low).
- CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (High).
- CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 (High).
- CVE-2023-4058: Memory safety bugs fixed in Firefox 116 (High).
HOW TO MANUALLY UPDATE YOUR FIREFOX BROWSER TO THE LATEST VERSION ON WINDOWS OS:
1. Open your Firefox browser, open the menu by clicking the horizontal-lines icon at the top right, and click Help.
2. Scroll down to About Firefox and click it.
3. The About Mozilla Firefox window pops up and automatically starts applying security updates.
4. Once the security updates have been applied, the window prompts you to click the Restart to Update Firefox button.
5. Firefox reopens with a new tab showing a link for the new version and the last old version. The window shows a congratulatory message that your Firefox browser is running the latest version.
To be sure that the browser was successfully updated, repeat steps 1 and 2 above.
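When the same verification has to cover many machines, the version shown in the About window can be compared against the fixed versions named above (Firefox 116, ESR 115.1, ESR 102.14). The script below is an added example, not part of the original article or any Mozilla tooling; the host names and version strings are constructed, and it assumes ESR builds report an `esr` suffix in their version string.

```python
import re

# Fixed versions named in the article: Firefox 116, ESR 115.1, ESR 102.14.
RELEASE_FIXED = (116, 0)
ESR_FIXED = {115: (115, 1), 102: (102, 14)}

# Matches e.g. "116.0", "115.0.3esr", "102.14.0esr" inside a longer string.
# Beta and nightly version strings are out of scope for this example.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.\d+)*(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), is_esr) from e.g. 'Mozilla Firefox 115.0.3esr'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Firefox version found in {text!r}")
    return (int(match.group(1)), int(match.group(2))), bool(match.group(3))


def is_patched(text):
    """True if the reported build is at or past the fix for its branch."""
    version, is_esr = parse_version(text)
    major = version[0]
    if is_esr and major in ESR_FIXED:
        # ESR branches are patched at their own minor release.
        return version >= ESR_FIXED[major]
    # Release channel, or an ESR branch the article does not list:
    # only builds at or past Firefox 116 contain the fixes.
    return version >= RELEASE_FIXED


def audit(inventory):
    """Map each host to 'patched', 'UPDATE NEEDED' or 'unparseable'."""
    report = {}
    for host, reported in inventory.items():
        try:
            report[host] = "patched" if is_patched(reported) else "UPDATE NEEDED"
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {"desk-01": "Mozilla Firefox 116.0", "desk-02": "Mozilla Firefox 115.0.2",
          "kiosk-01": "115.1.0esr (64-bit)", "kiosk-02": "115.0.3esr (64-bit)",
          "lab-01": "102.13.0esr (64-bit)", "lab-02": "not installed"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:28} {status}")
```

Note that a release-channel 115.0.2 and an ESR 115.0.3 both need updating even though their numbers are higher than the patched ESR 102.14.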
Mozilla made no mention of these weaknesses having been exploited at the time these security updates were released.
We advise users who have yet to update their browsers to the latest versions to do so promptly. You can learn more about the vulnerabilities and patch releases on their official website.
Please let us know your thoughts in the comment section.