Firefox 114 or Firefox ESR 102.12 updates available

Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. Overall, the security risk is considered high. The secured versions are now available for download. One vulnerability in Firefox allows attackers to lure victims to unencrypted fake websites even more effectively.

Anyone who uses the web browser should ensure that the secure version Firefox 114 or Firefox ESR 102.12 is installed. If this is not the case, attackers could target two vulnerabilities (CVE-2023-34416 high, CVE-2023-34417 high) and, in the worst case, compromise computers after malicious code attacks. This should be possible due to previously triggered memory errors. What such attacks could look like remains unclear.

If attackers exploit a click-jacking vulnerability (CVE-2023-34414 high), they could lure victims to unencrypted fraudulent websites without a web browser warning. This is due to a minimal delay in displaying warnings that a website has an invalid TLS certificate. With the right timing, a victim's clicks could end up right in the window of time before the warning appears, thus overriding the certificate error via a button without seeing the warning.

Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. This can be done by clicking on the application menu, which is located behind the symbol with the three horizontal stripes to the right of the address bar, and then continuing with Help - About Firefox. If necessary, this triggers the update process and prompts users to restart their browser.