Mozilla Releases Security Advisories for Multiple Products - 20230413002

Overview

Mozilla has released security advisories for vulnerabilities affecting multiple Mozilla products. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

What is the threat?

Mozilla have confirmed forms of compromise include:

• Out of bounds memory access
• Memory corruption leading to an exploitable crash
• Memory corruption leading to running arbitrary code
• Reflected file download attacks potentially tricking users to install malware
• Bypassing file extension security mechanisms leading to accidental execution of malicious code

What is vulnerable?

• Thunderbird prior to version 102.10
• Firefox ESR prior to version 102.10
• Firefox (and Firefox for Android/Focus for Android) prior to version 112

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC encourages users and administrators to review the security advisory for the above mentioned Mozilla's products

Reference

• Mozilla Security Advisories - https://www.mozilla.org/en-US/security/advisories/