The Mozilla Foundation has released new versions of the web browsers Firefox, Firefox ESR and the email program Thunderbird as planned. There are fewer new functions, but the developers have fixed various security-related vulnerabilities.

The according Firefox 123 security advisory lists four high-risk vulnerabilities, six of medium threat level and two of low threat level, for a total of twelve vulnerabilities. Attackers could read access to the Networking Channels outside of the intended memory limits. When saving in and accessing a networking channel again, the length of buffers could get mixed up, the developers explain (CVE-2024-1546, no CVSS, risk high according to Mozilla).

Multiple high-risk vulnerabilities

Another vulnerability allows attackers to fake a warning dialog on third-party websites through a series of API calls and redirects. The URL of the victim website is even displayed (CVE-2024-1547, no CVSS value, risk high). In addition, there are security holes due to memory management problems that only affect Firefox before 123 (CVE-2024-1557, no CVSS, high) as well as those that also open security vulnerabilities in the previous versions of Firefox ESR and Thunderbird 115.8 (CVE-2024-1553, no CVSS, risk high).

According to the security advisory, the first two high-risk vulnerabilities are also found in Firefox ESR before 115.8, and according to the security advisory, they are also present in Thunderbird before version 115.8. Of the six medium-severe leaks, four are also found in the Extended Stable Releases (ESR) and one of the two low-rated vulnerabilities.

The new features in Firefox

Search is now available in Firefox View, which means search includes all tabs as well as recently visited pages, closed tabs, tabs on additional devices or browser history. Users should be able to use the Web Compatibility Reporting Tool to report problems with websites that work in other browsers but not in Firefox. When translating websites, Firefox now also returns tooltips and texts on form fields and buttons that have been transformed into the target language.

Thunderbird Update

The according release notes for Thunderbird 115.8 are a bit more extensive and there were various error corrections. Thunderbird became significantly slower when opening emails in .eml format. The inbox view changed back to default after messages were moved or deleted. Additionally, the size of collapsed folders in the folder pane did not include the size of subfolders. Various other small issues are listed there, which the update corrects.