Advisory 48 : Mozilla Foundation Security Advisory
Release Date : 24th of January 2024
Impact : HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
Mozilla has released security updates to address vulnerabilities in Thunderbird and Firefox.
- CVE-2024-0741: Out of bounds write in ANGLE – An out-of-bounds write in ANGLE could have allowed an attacker to corrupt memory, leading to a potentially exploitable crash
- CVE-2024-0742: Failure to update user input timestamp
- CVE-2024-0746: Crash when listing printers on Linux
- CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
- CVE-2024-0749: Phishing site popup could show local origin in address bar
- CVE-2024-0750: Potential permissions request bypass via clickjacking
- CVE-2024-0751: Privilege escalation through devtools
- CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
- CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
What are the Systems affected?
- Thunderbird 115.7
- Firefox ESR 115.7
- Firefox 122
What does this mean?
An attacker could exploit this vulnerability and take control of the affected system.
Mitigation process
Administrators are advised to apply the necessary updates to the above Mozilla products.
References
- https://www.cisa.gov/news-events/alerts/2024/01/24/mozilla-releases-security-updates-thunderbird-and-firefox
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/