Firefox: Important Advisory On High-Risk Memory Corruption And Malware

Multiple important security issues have been identified in Firefox, which could be used to trick users into installing malware, or result in potentially exploitable crashes, memory corruption, spoofing attacks, or the execution of arbitrary code. With a high confidentiality, integrity and availability impact, it is critical that all affected users update immediately. Learn if you are impacted, and how to secure your systems against these dangerous bugs.
Continue reading to learn about other significant issues for which more distros have released important advisory updates this week, including several remotely exploitable Chromium vulnerabilities and multiple important Linux kernel bugs that could lead to denial of service (DoS) attacks resulting in potentially exploitable crashes, arbitrary code execution, or the disclosure of sensitive information.
Yours in Open Source,

Firefox

The Discovery

Multiple important security issues have been identified in Firefox. Memory safety bugs were found in Firefox 111 and Firefox ESR 102.9, some of which showed evidence of memory corruption (CVE-2023-29550). It was also discovered that, due to the improper handling of downloads, files ending in .desktop can be interpreted to run attacker-controlled commands (CVE-2023-29541), and that following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced (CVE-2023-29535).

Chromium

The Discovery

Distros continue to release important updates mitigating several remotely exploitable vulnerabilities that were recently found in Chromium. These issues include a heap buffer overflow in Chrome prior to 112.0.5615.49 (CVE-2023-1810) and a use after free vulnerability in Frames in Chrome prior to 112.0.5615.49 (CVE-2023-1811). With a high confidentiality, integrity and availability impact, both of these vulnerabilities have been assigned a Chromium security severity of “High” and a National Vulnerability Database base score of 8.8 out of 10 (High severity).

The Impact

These issues could result in the execution of arbitrary code, denial of service (DoS) attacks resulting in potentially exploitable crashes, or the disclosure of sensitive information.

The Fix

With a low attack complexity and no user interaction or privileges required to exploit these bugs, it is crucial that all impacted users apply the Chromium security updates issued by their distro(s) as soon as possible to protect against exploits leading to downtime and the compromise of their systems and sensitive data.

Linux Kernel

The Discovery

Distros are still releasing advisory updates addressing several important security vulnerabilities that have been discovered in the Linux kernel. The most notable issues include the finding that the KVM VMX implementation in the kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs (CVE-2022-2196), and an integer overflow vulnerability in the RNDIS USB driver in the kernel (CVE-2023-23559).



