Mozilla on Tuesday announced the release of Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14, which include patches for multiple high-severity vulnerabilities.
The browser maker lists a total of 14 CVEs in its advisory, nine of which are rated ‘high severity’. Three of the CVEs refer to memory safety bugs in Firefox.
The first of the high-severity flaws, tracked as CVE-2023-4045, is described as a cross-origin restrictions bypass in Offscreen Canvas, which failed to properly track cross-origin tainting.
The second high-severity issue that Firefox 116 patches is CVE-2023-4046, which is described as the use of an incorrect value during WASM compilation.
“In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process,” Mozilla notes.
The browser update also resolves CVE-2023-4047, a permission request bypass via clickjacking. A page could trick users into clicking on a carefully placed item but instead register the input as a click on a security dialog that was not displayed to the user.
“Potentially risky permissions, such as accessing your location, sending notifications, activating the microphone and so on, are not supposed to be granted until you’ve seen and acted on a clear warning from the browser itself,” Sophos notes.
The three other high-severity vulnerabilities that Firefox 116 resolves include CVE-2023-4048 (an out-of-bounds read flaw causing DOMParser to crash when deconstructing a crafted HTML file), CVE-2023-4049 (race conditions leading to potentially exploitable use-after-free vulnerabilities), and CVE-2023-4050 (stack buffer overflow in StorageManager potentially leading to a sandbox escape).
Tracked as CVE-2023-4056, CVE-2023-4057, and CVE-2023-4058, the memory safety bugs resolved in Firefox 116 could have led to arbitrary code execution.
Most of these high-severity issues, Mozilla says, also impact Firefox extended support and Thunderbird, and were addressed in Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14.
Mozilla makes no mention of any of these vulnerabilities being exploited in attacks.