Updates available for Firefox 110 and Firefox ESR 102.8

Firefox and Firefox ESR are vulnerable. The new updates for Firefox 110 and Firefox ESR fix several high risk vulnerabilities. Attackers could mislead users of Mozilla's web browsers with a spoofing attack or even execute malicious code.

The developers have fixed 19 vulnerabilities in Firefox 110 and 14 vulnerabilities in Firefox ESR 102.8. Most of the vulnerabilities affect both browsers.

Attackers could use a script in the background to ensure that web browsers switch to full-screen mode and remain in this mode (CVE-2023-25730 high) without the victim having to do anything. Attackers could meanwhile spoof under the full screen in the course of a spoofing attack. How such an attack could proceed is not clear from the corresponding security advisory.

In addition, attackers could provoke memory errors in ways that are not described in detail via PKCS-12 certificate bundles (CVE-2023-0767 high) or via the JavaScript engine SpiderMonkey (CVE-2023-25735 high) and in the end probably execute malicious code.

To protect computers against possible attacks, users should install the current versions. It is currently not known whether all operating systems are threatened.