Updates to Firefox 117, ESR 115.2 and 102.15 available
The new Firefox releases fix several security vulnerabilities.
The developers at the Mozilla Foundation have released new versions of the Firefox web browser with numerous security-related bug fixes. These include fixes for vulnerabilities classified as high-risk.
Many of the vulnerabilities equally affect the versions preceding the current Firefox 117, ESR 115.2 and ESR 102.15. Five vulnerabilities classified as high-risk are present in all of the browsers mentioned (CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4576, CVE-2023-4584). Two further vulnerabilities classified as high-risk are fixed only in Firefox 117 and ESR 115.2 (CVE-2023-4577, CVE-2023-4585).
In addition, the programmers classify four vulnerabilities in Firefox 117 as medium risk (CVE-2023-4578, CVE-2023-4579, CVE-2023-4580, CVE-2023-4581) and two as low risk (CVE-2023-4582, CVE-2023-4583). Of these, two of the medium- and low-ranked vulnerabilities also affect Firefox ESR 115.2, and one medium-ranked vulnerability also affects Firefox ESR 102.15 (CVE-2023-4581). Two moderate-risk vulnerabilities affect only Firefox ESR 115.2 (CVE-2023-4051, CVE-2023-4053).
The high-risk vulnerabilities are largely based on use-after-free scenarios, in which the program code reuses resources that have already been released. The memory thus accessed is in an undefined state. This often allows malicious code to be injected and executed. One of the vulnerabilities concerns an integer overflow in RecordedSourceSurfaceCreation, which causes a buffer overflow on the heap and, as a result, leaks sensitive information that could be used by malicious code to break out of the sandbox (CVE-2023-4576).
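The integer-overflow-to-heap-overflow pattern described above, shown as an added generic C illustration: it is not Mozilla's code and does not reproduce the RecordedSourceSurfaceCreation defect. The struct, the function names and the 256 MiB cap are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SURFACE_BYTES ((size_t)256 * 1024 * 1024) /* assumed policy cap */

/* Hypothetical surface header read from an untrusted stream. */
typedef struct { uint32_t width, height, bytes_per_pixel; } surface_desc;

/* Unchecked: the product is computed in 32 bits and silently wraps. */
uint32_t unchecked_size(const surface_desc *d) {
    return d->width * d->height * d->bytes_per_pixel;
}

/* Checked: reject zero dimensions, any overflowing product, and oversize. */
bool checked_size(const surface_desc *d, size_t *out) {
    size_t w = d->width, h = d->height, bpp = d->bytes_per_pixel;
    if (w == 0 || h == 0 || bpp == 0) return false;
    if (w > SIZE_MAX / h) return false;
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / bpp) return false;
    if (pixels * bpp > MAX_SURFACE_BYTES) return false;
    *out = pixels * bpp;
    return true;
}

/* Allocate and fill a surface only when the payload length matches exactly. */
uint8_t *create_surface(const surface_desc *d, const uint8_t *data, size_t len) {
    size_t need;
    if (!checked_size(d, &need) || len != need) return NULL;
    uint8_t *buf = malloc(need);
    if (buf != NULL) memcpy(buf, data, need);
    return buf;
}

int main(void) {
    /* Constructed input: 0x40000001 * 1 * 4 = 0x100000004, truncated to 4. */
    surface_desc bad = { 0x40000001u, 1u, 4u };
    surface_desc ok = { 640u, 480u, 4u };
    size_t n = 0;
    bool bad_accepted = checked_size(&bad, &n);
    bool ok_accepted = checked_size(&ok, &n);
    printf("unchecked(bad) = %u bytes\n", (unsigned)unchecked_size(&bad));
    printf("checked(bad) accepted: %d\n", bad_accepted);
    printf("checked(ok) accepted: %d, %zu bytes\n", ok_accepted, n);
    return 0;
}
```

With the unchecked size, a buffer allocated from the wrapped value is far smaller than the data later written into it, which is the heap buffer overflow; the checked form refuses the header before any allocation takes place.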
The security advisories for the Thunderbird updates, which are also due to be released shortly, are not yet available, but they usually correspond to the content of the Firefox ESR 115.2 or Firefox ESR 102.15 updates. Given the risk classifications, users should install the updates promptly.
To open the version dialog, click the settings menu, which is behind the symbol with the three stacked lines, and then go to "Help" - "About Firefox". If an update is available, the browser downloads the updated software, installs it and prompts you to restart.
The corresponding security reports from the Mozilla developers are listed below:
Only minor changes can be found in the release notes for Firefox 117. For example, Mac users can adjust the behavior of the Tab key in the settings so that it switches focus between form fields and links. The YouTube video list now scrolls correctly when navigating with a screen reader.