Mozilla sent Firefox Version 115.0 to the release channel. The update includes four security updates of which four (4) are rated high, seven (7) moderate, and one (1) rated low.
Firefox ESR was updated to Version 102.13.
Note: This is the last major version of Firefox that will support Windows 7 and Windows 8 (Firefox Support Article) as well as Apple macOS 10.12, 10.13, and 10.14 (Firefox Support Article). Users on those operating systems will be migrated to the ESR 115 version of Firefox so that they continue to receive important updates.
High
#CVE-2023-37201: Use-after-free in WebRTC certificate generation
#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey
#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13
#CVE-2023-37212: Memory safety bugs fixed in Firefox 115
Moderate
#CVE-2023-37203: Drag and Drop API may provide access to local system files
#CVE-2023-37204: Fullscreen notification obscured via option element
#CVE-2023-37205: URL spoofing in address bar using RTL characters
#CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API
#CVE-2023-37207: Fullscreen notification obscured
#CVE-2023-37208: Lack of warning when opening Diagcab files
#CVE-2023-37209: Use-after-free in `NotifyOnHistoryReload`
Low
#CVE-2023-37210: Full-screen mode exit prevention
New
Fixed
Changed
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.