Mozilla Firefox 116 Released with High-Risk Security Fixes

Mozilla has announced the release of Firefox 116, along with Firefox ESR 115.1 and Firefox ESR 102.14. According to the official information, the developers have addressed a number of vulnerabilities, several of which were classified as high risk.

In total, Mozilla fixed 14 issues with CVE identifiers, nine of which were rated as highly dangerous. Three of the bugs were related to memory safety.

Key Vulnerabilities Addressed

  • CVE-2023-4045: This vulnerability affects Offscreen Canvas and allows bypassing cross-origin restrictions. For example, certain web pages could use this bug to view images from another site.
  • CVE-2023-4046: According to experts at Sophos who analyzed the new Mozilla update, this serious vulnerability is rooted in the use of incorrect values during the WASM compilation process. In some cases, an outdated value could be used for a global variable during JIT analysis of WASM, leading to improper compilation and process failure.
  • CVE-2023-4047: This flaw allows permission request bypass via clickjacking. A malicious page could trick a user into clicking a specially placed element, which in reality would activate a button in a security dialog window.

Mozilla recommends updating to the latest version to ensure your browser is protected against these and other vulnerabilities.
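To act on that recommendation across many machines, the following added example (not from Mozilla or the original article) classifies reported Firefox version strings against the fixed versions named above: 116, ESR 115.1 and ESR 102.14. The `Mozilla Firefox <version>` string format and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed versions named in the article: Firefox 116, ESR 115.1, ESR 102.14.
FIXED_RELEASE = (116, 0)
FIXED_ESR = {102: (102, 14), 115: (115, 1)}

# major.minor[.patch] with an optional "esr" or alpha/beta suffix (e.g. 116.0b5).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.\d+)?(esr|[ab]\d+)?\b")


def classify(version_string):
    """Return 'patched', 'outdated' or 'unknown' for one reported version string."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    major, minor, suffix = int(m.group(1)), int(m.group(2)), m.group(3)
    if suffix and suffix != "esr":
        # Pre-release builds: the article gives no fixed version for them.
        return "unknown"
    if suffix == "esr":
        # ESR branches other than 102 are compared against 115.1:
        # older branches fall below it, newer branches are above it.
        fixed = FIXED_ESR.get(major, FIXED_ESR[115])
    else:
        fixed = FIXED_RELEASE
    return "patched" if (major, minor) >= fixed else "outdated"


def audit(inventory):
    """Map each host to its status; inventory is an iterable of (host, version_string)."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 116.0"),
    ("ws-02", "Mozilla Firefox 115.0.3"),
    ("ws-03", "Mozilla Firefox 115.1.0esr"),
    ("ws-04", "Mozilla Firefox 102.13.0esr"),
    ("ws-05", "Mozilla Firefox 116.0b5"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```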
