Synthesis
Mozilla has released security updates that fix several vulnerabilities, including 4 rated “high” severity, in the Firefox and Firefox ESR products.
Risk
Estimated impact of the vulnerability on the reference community: HIGH/ORANGE (65.12/100)¹.
Type
- Arbitrary Code Execution
- Information Disclosure
- Security Restrictions Bypass
Affected products and versions
Mozilla
- Firefox, versions prior to 128
- Firefox ESR, versions prior to 115.13
- Thunderbird, versions prior to 128 (Note: Updated 07/17/2024)
- Thunderbird 115.x, versions prior to 115.13 (Note: Updated 07/17/2024)
Mitigation actions
In line with the vendor’s statements, it is recommended to update the affected products by following the instructions in the security bulletins listed in the References section.
Unique vulnerability identifiers
Below are the only CVEs relating to vulnerabilities with “high” severity:
References
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30
https://www.mozilla.org/en-US/security/advisories/mfsa2024-32
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31
¹ This estimate is calculated taking into account various parameters, including: CVSS, availability of patches/workarounds and PoC, and the prevalence of the affected software/devices in the reference community.