Summary
Mozilla has released security updates to fix some vulnerabilities, including 2 of “high” severity, in its Firefox, Firefox ESR and Thunderbird products.
Risk
Estimated impact of the vulnerabilities on the reference community: MEDIUM/YELLOW (62.94/100) [1].
Type
- Security Restrictions Bypass
- Denial of Service
Affected products and versions
- Firefox, versions prior to 132
- Firefox ESR, versions prior to 128.4
- Thunderbird, versions prior to 132
Mitigation actions
In line with the vendor’s statements, it is recommended to update the affected products by following the instructions in the security bulletins listed in the References section.
Unique vulnerability identifiers
The following are only the CVEs related to the vulnerabilities with a “high” severity:
References
https://www.mozilla.org/en-US/security/advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2024-55
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56
https://www.mozilla.org/en-US/security/advisories/mfsa2024-57
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58
https://www.mozilla.org/en-US/security/advisories/mfsa2024-59
[1] This estimate takes into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.