Hello Firefox Users,

Today, we have important information to share about recent discoveries that impact the safety of your systems and the confidentiality of your sensitive data. The popular Mozilla Firefox web browser has recently been found to contain two severe security vulnerabilities, tracked as CVE-2023-5721 and CVE-2023-5730.

These vulnerabilities are best described as a potential gateway for unwanted actions against your Linux systems, including unauthorized access, alteration of your data, or even full control of your machine.

Luckily, Mozilla has addressed these impactful issues with a critical Firefox security update, and Debian, Debian LTS, Fedora, SciLinux, and Slackware have already issued security advisory updates for Firefox. Think of this update as having an alarm system enabled and locking the doors before leaving your house to ensure robust security against unwelcome intruders.

We cannot stress this enough: to ensure maximum system and data security, we strongly recommend you upgrade Firefox to the latest version as soon as possible!

Read on to learn about other severe and impactful vulnerabilities recently discovered and fixed in your open-source programs and applications.

If you found today’s newsletter helpful and interesting, please share it with a fellow security geek! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from enthusiastic and insightful community members like you!

Stay safe out there,

Brittany

Firefox

The Discovery 

Multiple security issues have been found in the popular Mozilla Firefox web browser, the most severe being memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5730) and an insufficient activation delay that allows certain browser prompts and dialogs to be activated or dismissed unintentionally by the user (CVE-2023-5721). Due to these vulnerabilities’ significant threat to the confidentiality, integrity, and availability of impacted systems, they have received a National Vulnerability Database severity rating of “Critical”.


The Impact

These severe vulnerabilities could potentially result in the execution of arbitrary code, clickjacking, spoofing, or information leaks.

The Fix

A critical Firefox security update has been released to mitigate the vulnerabilities recently discovered. Given these bugs’ significant threat to impacted systems, if left unpatched, we strongly recommend that all affected users apply these updates now to protect against attacks threatening the security, integrity, and availability of their systems and the confidentiality of their sensitive data.


Xorg

The Discovery 


Several vulnerabilities have been found in the widely used Xorg X server, the most severe being an out-of-bounds write flaw due to an incorrect calculation of a buffer offset (CVE-2023-5367). Due to how easy this vulnerability is to exploit and its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 7.8 out of 10 (“High” severity).

The Impact

This severe vulnerability could result in privilege escalation or denial of service (DoS) attacks, causing loss of system access and allowing an attacker to discover additional infrastructure to target, add or delete users, or modify permissions on files or for other users.

The Fix

An essential Xorg security update has been released to mitigate this dangerous vulnerability. Given this vulnerability's severe threat to impacted systems, if left unpatched, we strongly recommend that all affected users apply this update as soon as possible to prevent attacks potentially resulting in downtime and system compromise.


Curl

The Discovery 

Distros continue to release updates addressing the critical heap-based buffer overflow flaw (CVE-2023-38545) recently found in the SOCKS5 proxy handshake in the Curl HTTP, HTTPS, and FTP client and client libraries. Simply put, if the data Curl handles during that handshake exceeds the buffer set aside for it, the overflow can corrupt memory and potentially compromise the system. This remotely exploitable security issue threatens impacted systems' confidentiality, integrity, and availability.


The Impact

This vulnerability can turn any software or application on a system that uses Curl into an unintended gateway for malicious attacks. This could result in unauthorized access, data manipulation, or other dangerous exploits.

The Fix

An important Curl update, version 8.4.0, has been released to fix this severe issue. Given this vulnerability's significant threat to impacted systems, if left unpatched, we urge all affected users to apply these updates immediately to protect against potential compromise of your critical systems and sensitive data. 
