Security Advisory – Firefox ESR 115.9 Patches Multiple High-Impact Vulnerabilities

Mozilla has released security updates for Firefox ESR (Extended Support Release) version 115.9, addressing several critical vulnerabilities. Key issues include a potentially exploitable crash in NSS TLS handshake code (CVE-2024-0743), a sandbox escape vulnerability via Windows Error Reporter on Windows systems (CVE-2024-2605), arbitrary code execution flaws in JIT code on Armv7-A systems (CVE-2024-2607), and integer overflow leading to out-of-bounds write (CVE-2024-2608). Additional fixes include improved handling of out-of-memory conditions in ICU and security enhancements against RSA decryption timing attacks and CSP nonce leakage.

Read more about the security advisories