This past week, Firefox 111, a security update that fixes over a dozen vulnerabilities, including some that might be very dangerous, was released by Mozilla. Seven of the 13 CVEs have been given a ‘high’ severity grade. Three of them only affect Firefox for Android, and they enable hackers to run unprompted third-party apps and conceal fullscreen alerts, which may confuse users or expose them to spoofing attacks.
Additional critical weaknesses in the most recent Firefox upgrades can result in information exposure and arbitrary code execution. The cybersecurity company Sophos examined the updates and identified two vulnerabilities: 2023-28161 and 2023-28163.