Summary of Security Vulnerabilities in Firefox ESR 115.6

Mozilla recently released Firefox ESR 115.6, addressing several high- and moderate-impact security vulnerabilities. Here’s a breakdown of the most critical issues fixed:

High-Impact Vulnerabilities

  1. CVE-2023-6856: A heap buffer overflow in the WebGL DrawElementsInstanced method, affecting systems with the Mesa VM driver. It could allow remote code execution and sandbox escape. Reported by DoHyun Lee.
  2. CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream, with implications for private browsing mode. Reported by Jan Varga.
  3. CVE-2023-6864: Memory safety bugs fixed in Firefox ESR 115.6, with evidence of memory corruption and potential for exploitation to run arbitrary code. Reported by various security researchers.

Moderate-Impact Vulnerabilities

  1. CVE-2023-6857: Symlinks may resolve to smaller-than-expected buffers. On Unix-based operating systems, a race condition may lead to a smaller-than-necessary buffer. Reported by Jed Davis.
  2. CVE-2023-6858: A heap buffer overflow in nsTextFragment due to insufficient out-of-memory handling. Reported by Irvan Kurniawan.
  3. CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer, impacting TLS socket creation under memory pressure. Also reported by Irvan Kurniawan.
  4. CVE-2023-6860: Potential sandbox escape due to VideoBridge’s lack of texture validation, enabling a content process to use textures produced by remote decoders. Reported by Andrew Osmond.
  5. CVE-2023-6861: A heap buffer overflow in nsWindow::PickerOpen(void) when running in headless mode. Reported by Yangkang of 360 ATA Team.
  6. CVE-2023-6862: Use-after-free in nsDNSService, manifesting rarely during start-up. Reported by Randell Jesup.
  7. CVE-2023-6867: Clickjacking of permission prompts using the popup transition, which could surprise users by luring them to click where the permission grant button would appear. Reported by Hafiizh.
  8. CVE-2023-6863: Undefined behavior in ShutdownObserver(), due to reliance on a dynamic type without a virtual destructor. Reported by Ronald Crane.

Mozilla highlights the critical importance of promptly updating to Firefox ESR 115.6 to mitigate these security risks. Users are urged to apply the latest patches to safeguard their browsing experiences.
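
To check which machines still need the update, the following added example (not Mozilla's code) classifies collected `firefox --version` strings against the 115.6 ESR threshold named above. The host names and sample lines are constructed, and the "Mozilla Firefox <version>esr" output format is an assumption about the builds being audited.

```python
import re

# First ESR release this summary lists as containing the fixes.
FIXED_ESR = (115, 6, 0)

# Assumed output format of `firefox --version`, e.g. "Mozilla Firefox 115.5.0esr".
_VERSION_RE = re.compile(r"Mozilla Firefox (\d+)\.(\d+)(?:\.(\d+))?(esr)?\s*$")


def classify(version_line):
    """Return 'needs-update', 'fixed', 'not-esr' or 'unparsed' for one version string."""
    match = _VERSION_RE.search(version_line.strip())
    if not match:
        return "unparsed"  # e.g. command failed or unexpected build tag: check by hand
    major, minor, patch, esr = match.groups()
    if esr is None:
        return "not-esr"  # release-channel build, outside the scope of this summary
    # Compare numerically: as strings, "115.10" would sort before "115.6".
    version = (int(major), int(minor), int(patch or 0))
    return "fixed" if version >= FIXED_ESR else "needs-update"


def audit(inventory):
    """Map each host to its status, given (host, version_line) pairs."""
    return {host: classify(line) for host, line in inventory}


# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 115.5.0esr"),
    ("ws-02", "Mozilla Firefox 115.6.0esr"),
    ("ws-03", "Mozilla Firefox 115.10.0esr"),
    ("ws-04", "Mozilla Firefox 102.15.1esr"),
    ("ws-05", "Mozilla Firefox 121.0"),
    ("ws-06", "bash: firefox: command not found"),
]

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{status}")
```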