- 70/2023
- High
Mozilla has released security updates to fix vulnerabilities in Firefox 111 and Firefox ESR 102.9.
The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform a spoofing attack, cause a denial of service attack, or execute arbitrary code and gain access to vulnerable systems.
Sample of the addressed vulnerabilities:
Mozilla Firefox Code Execution Vulnerability (CVE-2023-28177):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
Vulnerabilities
• CVE-2023-25751
• CVE-2023-28164
• CVE-2023-28162
• CVE-2023-25752
• CVE-2023-28163
• CVE-2023-28176
• CVE-2023-28159
• CVE-2023-25748
• CVE-2023-25749
• CVE-2023-25750
• CVE-2023-28160
• CVE-2023-28161
• CVE-2023-28177
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.