With the release of Mozilla Firefox 117, 13 vulnerabilities are patched, including seven ‘High Severity’ flaws and four memory corruption flaws.
Mozilla said that IPC CanvasTranslator, IPC ColorPickerShownCallback, IPC FilePickerShownCallback, and JIT UpdateRegExpStatics components of the browser are all affected by these memory corruption issues, which might result in potentially exploitable crashes.
High-Severity Flaws Addressed
The high severity flaw tracked as CVE-2023-4573, Memory corruption in IPC CanvasTranslator, reported by Sonakkbi has been addressed.
When receiving rendering data through IPC, mStream may have been initialized and then destroyed, which could have resulted in a use-after-free and a crash that might have been exploited.
Memory corruption in IPC ColorPickerShownCallback tracked as CVE-2023-4574 has been fixed. The issue was reported by Sonakkbi.
“When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished,” Mozilla said in its advisory.
A high-severity Memory corruption bug in IPC FilePickerShownCallback tracked as CVE-2023-4575 has been addressed. The issue was reported by Sonakkbi.
Multiple instances of identical callbacks might have been produced at once, and finally, all were removed concurrently as soon as one of the callbacks ended when generating a callback over IPC for displaying the File Picker window.
The flaw tracked as CVE-2023-4576, Integer Overflow in RecordedSourceSurfaceCreation has been fixed, reported by fffvr.
“On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation, which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape,” Mozilla said.
Only Firefox for Windows is impacted by this issue. Unaffected are other operating systems.
The High-severity flaw tracked as CVE-2023-4577, Memory corruption in JIT UpdateRegExpStatics was reported by Lukas Bernhard.
When UpdateRegExpStatics attempted to retrieve initialStringHeap, it might have already been garbage collected before entering the method, potentially resulting in an exploitable crash.
The high-severity flaw was tracked as CVE-2023-4584; memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 were reported by Randell Jesup, Andrew McCreight, the Mozilla Fuzzing Team.
Finally, the vulnerability tracked as CVE-2023-4585, Memory safety bugs were fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.
This issue was reported by Donal Meehan, Sebastian Hengst, and the Mozilla Fuzzing Team.
“Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code”, Mozilla reports.
Six issues were fixed in this browser update ‘moderate’ and ‘low-severity’ flaws that could allow for site spoofing, the disclosure of private data, the unauthorized download of files, and a buffer overflow.
Mozilla revealed the release of Firefox ESR 115.2, which contains updates for 14 vulnerabilities, 12 of which were fixed in Firefox 117.
Source: https://cybersecuritynews.com/firefox-high-severity-vulnerabilities/
