Security Vulnerabilities fixed in Firefox 119 — Mozilla

Summary

Mozilla Firefox version 119 addressed multiple security vulnerabilities, including:

  • CVE-2023-5721: Clickjacking potential due to queued up rendering.
  • CVE-2023-5722: Cross-origin information leakage via iterative requests.
  • CVE-2023-5723: Possibility of unexpected errors due to invalid cookie characters.
  • CVE-2023-5724: Crashes occurring from large WebGL draw calls.
  • CVE-2023-5725: Malicious WebExtensions opening arbitrary URLs.
  • CVE-2023-5726: Fullscreen notification obscured by the file open dialog on macOS.
  • CVE-2023-5727: Download protections on Windows bypassed by specific file types.
  • CVE-2023-5728: Object tracking issue during garbage collection that could lead to crashes.
  • CVE-2023-5729: Fullscreen notification dialog obscured by WebAuthn prompts.
  • CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1.
  • CVE-2023-5731: Memory safety bugs fixed in Firefox 119.

Key Takeaways

  • Multiple security vulnerabilities were fixed in Firefox 119.
  • Vulnerabilities ranged from clickjacking and information leakage to crashes and potential arbitrary code execution.
  • Issues related to cookies, WebExtensions, fullscreen notifications, and download protections were addressed.
  • Memory safety bugs were fixed in Firefox versions 119, 118, and Thunderbird 115.4.1.