Multiple Mozilla Firefox Vulnerabilities
CERT-MU Vulnerability Note VN-2023-08
Date of Issue: 14.09.2023
Severity Rating: High
Affected Products:
- Mozilla Firefox 116
- Mozilla Firefox ESR 115.1
- Mozilla Firefox ESR 102.14
Description
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Solution
Users are advised to apply updates to address the vulnerabilities. Before applying the patch, please visit the vendor website for more details:
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/
CVE Information
- CVE-2023-4585 CVSS:8.8
- CVE-2023-4583 CVSS:6.5
- CVE-2023-4582 CVSS:8.8
- CVE-2023-4581 CVSS:6.5
- CVE-2023-4580 CVSS:6.5
- CVE-2023-4579 CVSS:6.5
- CVE-2023-4578 CVSS:6.5
- CVE-2023-4577 CVSS:6.5
- CVE-2023-4576 CVSS:8.8
- CVE-2023-4575 CVSS:6.5
- CVE-2023-4574 CVSS:6.5
- CVE-2023-4573 CVSS:6.5
- CVE-2023-4584 CVSS:8.8
|
References
- https://ubuntu.com/security/CVE-2023-4585
- https://ubuntu.com/security/CVE-2023-4583
- https://ubuntu.com/security/CVE-2023-4582
- https://security-tracker.debian.org/tracker/CVE-2023-4581
- https://www.suse.com/security/cve/CVE-2023-4580.html
- https://www.suse.com/security/cve/CVE-2023-4579.html
- https://ubuntu.com/security/CVE-2023-4578
- https://ubuntu.com/security/CVE-2023-4577
- https://ubuntu.com/security/CVE-2023-4576
- https://ubuntu.com/security/CVE-2023-4575
- https://ubuntu.com/security/CVE-2023-4574
- https://security-tracker.debian.org/tracker/CVE-2023-4573
- https://security-tracker.debian.org/tracker/CVE-2023-4584
Report Cyber Incidents
Report cyber security incident on the Mauritian Cybercrime Online Reporting System (MAUCORS – http://maucors.govmu.org/)
Contact Information
Computer Emergency Response Team of Mauritius (CERT-MU)
Ministry of Information Technology, Communication and Innovation
Tel: (+230) 4602600
Hotline No: (+230) 800 2378
Gen. Info. : contact@cert.govmu.org
Incident: incident@cert.govmu.org
Website: http://cert-mu.govmu.org
MAUCORS: http://maucors.govmu.org