Mozilla developers have released Firefox and Firefox ESR version 115.0.2, which fixes a security vulnerability and corrects some bugs.
The US cyber security authority CISA warns that attackers can take control of an affected system through the vulnerability. In their security advisory, the Mozilla developers explain that a use-after-free condition could occur during the life cycle of a so-called worker, which could lead to a potentially exploitable crash (CVE-2023-3600, no CVSS value yet, risk: medium).
In contrast to the medium-risk classification in the CVE summary, the developers rate the threat level as high. According to the release notes, the new browser version also fixes other bugs. The browser could crash on startup for some Windows 10 and Windows 11 users; blocking malicious injected DLLs remedies this.
Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. To do so, click the application menu, which sits behind the icon with three horizontal lines to the right of the address bar, and then go to Help > About Firefox. If an update is needed, this triggers the update process and prompts users to restart their browser.
Just last week, the Mozilla Foundation released version 115 of Firefox. The developers already closed numerous security vulnerabilities in that update.