- 126/2023
- High
Mozilla has released an updated Firefox version 114 and Firefox ESR version 102.12 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack, bypass security restrictions, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Safety Bugs Code Execution Vulnerability (CVE-2023-34416):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Mozilla Firefox Certificate Clickjacking Vulnerability (CVE-2023-34414):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2023-34414
- CVE-2023-34415
- CVE-2023-34416
- CVE-2023-34417
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.