- 151/2023
- High
Mozilla has released an updated Firefox version 115, and Firefox ESR version 102.13 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to gain access, conduct a spoofing attack, bypass security restrictions, or execute arbitrary code by sending a specially crafted request to the affected system.
Sample of the addressed vulnerabilities:
Mozilla Firefox Code Execution Vulnerability (CVE-2023-37201):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2023-37201
- CVE-2023-37202
- CVE-2023-37203
- CVE-2023-37204
- CVE-2023-37205
- CVE-2023-37206
- CVE-2023-37207
- CVE-2023-37208
- CVE-2023-37209
- CVE-2023-37210
- CVE-2023-37211
- CVE-2023-37212
- CVE-2023-3482
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.