Skip to main content

Mozilla Products Remote Code Execution Vulnerability

Release Date: 3 Oct 2023 3755 Views

RISK: Extremely High Risk

TYPE: Clients - Browsers

TYPE: Browsers

A vulnerability was identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to denial of service and remote code execution on the targeted system.

 

Note:

CVE-2023-5217: Heap buffer overflow in libvpx. It is aware that an exploit for CVE-2023-5217 exists in the wild.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

Versions prior to:

 

  • Firefox 118.0.1
  • Firefox ESR 115.3.1
  • Firefox Focus for Android 118.1
  • Firefox for Android 118.1
  • Thunderbird 115.3.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • Firefox 118.0.1
  • Firefox ESR 115.3.1
  • Firefox Focus for Android 118.1
  • Firefox for Android 118.1
  • Thunderbird 115.3.1

Vulnerability Identifier


Source


Related Link