Security Vulnerabilities fixed in Firefox ESR 115.4 — Mozilla

Summary

Mozilla addressed multiple security vulnerabilities in Firefox ESR 115.4, including clickjacking (CVE-2023-5721), address bar spoofing (CVE-2023-5732), WebGL crash (CVE-2023-5724), arbitrary URL opening (CVE-2023-5725), obscured full screen notification (CVE-2023-5726), download protections bypass (CVE-2023-5727), and improper object tracking crash (CVE-2023-5728). Additionally, memory safety bugs were fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 (CVE-2023-5730).

Key Takeaways

  • Mozilla fixed multiple security vulnerabilities in Firefox ESR 115.4.
  • Vulnerabilities include clickjacking (CVE-2023-5721), address bar spoofing (CVE-2023-5732), WebGL crash (CVE-2023-5724), arbitrary URL opening (CVE-2023-5725), obscured full screen notification (CVE-2023-5726), download protections bypass (CVE-2023-5727), and improper object tracking crash (CVE-2023-5728).
  • Memory safety bugs were also addressed in Firefox ESR 115.4, Firefox 119, and Thunderbird 115.4.1 (CVE-2023-5730).
  • Users should update to the latest version to protect against these security vulnerabilities.