Firefox 118 Patches High-Severity Vulnerabilities
27-Sep-23
Mozilla released security upgrades for Thunderbird and Firefox on Tuesday, fixing nine vulnerabilities in all, including high-severity problems. All nine vulnerabilities, which are all memory-related and most of which might result in exploitable crashes, were patched in Firefox 118, which was made available to the stable channel.
The first two high-severity weaknesses are identified as CVE-2023-5168 and CVE-2023-5169, respectively, and are defined as out-of-bounds write problems in the PathOps and FilterNodeD2D1 components of the browser. Both may result in “a potentially exploitable crash in a privileged process,” according to Mozilla.x000D The third flaw, CVE-2023-5170, is a memory leak problem that, according to Mozilla’s advisory, “could be used to effect a sandbox escape if the correct data was leaked.”
