Summary
Mozilla has released security updates that address several security issues, including 2 of “high” severity and 1 of “critical” severity, in its Firefox, Firefox ESR and Thunderbird products.
Risk
Estimated impact of the vulnerabilities on the reference community: HIGH/ORANGE (66.41/100)¹.
Type
- Arbitrary code execution
- Data manipulation
Affected products and versions
- Firefox, versions prior to 131
- Firefox ESR, versions prior to 115.16
- Firefox ESR, versions prior to 128.3
- Thunderbird, versions prior to 128.3
- Thunderbird, versions prior to 131
Mitigation actions
In line with the vendor’s statements, it is recommended to update the affected products by following the instructions in the security bulletins listed in the References section.
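To find hosts that still need the update, the following added example (not part of the original bulletin or of any Mozilla tooling) checks `--version` banners against the version list above. The names `parse`, `is_affected` and `audit`, the branch-matching rule, the use of the `esr` suffix to tell ESR from release builds, and the sample inventory are assumptions made for the illustration.

```python
import re

# Fixed releases per product, from "Affected products and versions" above.
# Assumption: ESR builds are recognised by the "esr" suffix in the banner.
FIXED = {
    "firefox": [(131,)],
    "firefox-esr": [(115, 16), (128, 3)],
    "thunderbird": [(128, 3), (131,)],
}
VERSION_RE = re.compile(r"(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?", re.I)

def parse(banner):
    """Return (product, version tuple) from a `--version` banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"
    return product, tuple(int(p) for p in m.group(2).split("."))

def pad(v, n=3):
    # Pad to n components so (131,) and (131, 0, 0) compare as equal.
    return tuple(v) + (0,) * (n - len(v))

def is_affected(product, version):
    # Assumed rule: a build is fixed if it is at or past the fixed release on
    # its own major branch; builds on other branches must pass the newest fix.
    v = pad(version)
    for fix in FIXED[product]:
        if fix[0] == v[0]:
            return v < pad(fix)
    return v < pad(max(FIXED[product]))

def audit(inventory):
    """Map host -> True (needs update), False (fixed) or None (unparsed)."""
    result = {}
    for host, banner in inventory:
        parsed = parse(banner)
        result[host] = is_affected(*parsed) if parsed else None
    return result

# Constructed sample inventory: (host, output of `<product> --version`).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 130.0.1"), ("ws-02", "Mozilla Firefox 131.0"),
    ("ws-03", "Mozilla Firefox 115.15.0esr"), ("ws-04", "Mozilla Firefox 128.3.0esr"),
    ("ws-05", "Mozilla Thunderbird 115.15.0"), ("ws-06", "Mozilla Thunderbird 128.3.0esr"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A release-channel Firefox 128.x is reported as affected even though ESR 128.3 is not, because only the ESR branches carry the backported fix.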
Unique Weakness Identifiers
The following are only the CVEs for the “high” and “critical” severity weaknesses:
References
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46
https://www.mozilla.org/en-US/security/advisories/mfsa2024-47
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49
https://www.mozilla.org/en-US/security/advisories/mfsa2024-50
¹ This estimate takes into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.