Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape


On Tuesday, Mozilla released security updates for Thunderbird and Firefox to fix 20 vulnerabilities, including a few related to memory safety. Patches for 18 vulnerabilities, five of which have a “high” severity rating, were included in Firefox 121.

CVE-2023-6856, a heap buffer overflow flaw in WebGL, the JavaScript API used to generate interactive graphics in browsers, is the most prominent bug on the list. “On systems running the Mesa VM driver, the WebGL DrawElementsInstanced method was vulnerable to a heap buffer overflow,” according to Mozilla’s advisory. “This vulnerability could enable remote code execution and sandbox escape for an attacker.”
