Firefox 115 and Thunderbird 102.13 updates available

The Mozilla Foundation has released Firefox 115, Firefox ESR 115 and Thunderbird 102.13. The new versions close numerous security vulnerabilities, some of which are highly risky. The timely update is therefore advisable.

In the new Firefox 115, the developers have fixed 13 vulnerabilities. Of these, four are considered high risk, eight medium risk and one *low risk". Find more information in the according Security Advisory.

The developers classify a use-after-free vulnerability in WebRTC as high risk, in which resources are accessed again after they have been released and access to undefined areas can often be misused by attackers to smuggle in malicious code (CVE-2023-37201). Such a leak was also found in the JavaScript engine Spidermonkey (CVE-2023-37202). Memory security bugs (CVE-2023-37211, CVE-2023-37212) also posed a high threat level.

When switching from Chrome, for example, Firefox can now import the payment methods stored in it, under Linux hardware-accelerated video decoding is activated when using Intel GPUs, and the Tab Manager drop-down menu now shows Close buttons so that tabs can be closed more quickly.

The Mozilla Foundation is also updating the Firefox browser with long-term support to level 115, closing the same vulnerabilities as the browser in the standard release channel. However, they have also released Firefox ESR 102.13, which is the basis for the Thunderbird mail program or the anonymizing Tor browser.

The Firefox ESR 102.13 version fixes five vulnerabilities, three of which pose a high risk to users. These are the same vulnerabilities in WebRTC and Spidermonkey as well as one of the memory vulnerabilities. These are identical to the list of closed vulnerabilities for Thunderbird 102.13. Thunderbird 102.13 is not yet available via automatic update.

Since some of the closed gaps were classified as high-risk, Firefox users should ensure that they are already running the current version. Otherwise, they run the risk of catching malware when visiting a manipulated website.

Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. This can be done by clicking on the application menu, which is located behind the symbol with the three horizontal stripes to the right of the address bar, and then continuing with Help - About Firefox. If necessary, this triggers the update process and prompts users to restart their browser.