Reference: CERTFR-2023-AVI-0881
Risk:
- Remote Arbitrary Code Execution
- Remote Denial of Service
- Security Policy Bypass
- Data Confidentiality Breach
- Remote Indirect Code Injection (XSS)
- Unspecified by the Publisher
Affected Systems:
- Firefox ESR versions prior to 115.4
- Firefox versions prior to 119
- Firefox for iOS versions prior to 119
- Thunderbird versions prior to 115.4.1
Summary: Multiple vulnerabilities have been discovered in Mozilla products. Some of these vulnerabilities could allow an attacker to execute arbitrary code remotely, cause remote denial of service, bypass security policies, and compromise data confidentiality.
Recommendations: Users of affected Mozilla products are strongly advised to take the following actions:
- Update Mozilla Products: Ensure that Mozilla Firefox ESR, Firefox, Firefox for iOS, and Thunderbird are updated to the latest versions (115.4, 119, 119, and 115.4.1 or later, respectively).
- Refer to Security Bulletins: For detailed information and patches, refer to the official security bulletins released by Mozilla on October 24, 2023.
Documentation:
- Mozilla Security Advisory mfsa2023-47
- Mozilla Security Advisory mfsa2023-45
- Mozilla Security Advisory mfsa2023-46
- Mozilla Security Advisory mfsa2023-48
CVE References:
- CVE-2023-5721
- CVE-2023-5732
- CVE-2023-5724
- CVE-2023-5725
- CVE-2023-5726
- CVE-2023-5727
- CVE-2023-5728
- CVE-2023-5730
- CVE-2023-5722
- CVE-2023-5723
- CVE-2023-5729
- CVE-2023-5731
- CVE-2023-5758
For a detailed version history and other related information, please refer to the official document’s version management section.