Firefox 118, Firefox ESR 115.3 and Thunderbird 115.3 updates available
Mozilla has secured its mail client and web browsers against possible attacks caused by malicious code vulnerabilities.
New updates fixed malicious code vulnerabilities in Firefox, Firefox ESR and Thunderbird. Attackers can exploit several vulnerabilities in Firefox, Firefox ESR and Thunderbird and, in the worst case, execute malicious code. To prevent attackers from compromising systems, users should install the latest versions with security updates.
As can be seen from the warning messages linked below this message, the developers rate the impact of the vulnerabilities as high. For example, processing compromised content processes could lead to a memory error (out-of-bounds). This usually triggers crashes. However, malicious code can often find its way onto systems.
With Thunderbird, the developers point out that emails do not work as an attack vector because scripting is disabled. However, attacks can take place in browser-like contexts.
Mozilla has prepared new versions Firefox 118, Firefox ESR 115.3 and Thunderbird 115.3 against possible attacks.
Read more about the fixed vulnerabilities in the according Security Advisories below: