Mozilla-Security-Advisories - 202307002

Overview

Mozilla has released security advisories to address memory safety bugs present in Thunderbird, Firefox, and Firefox ESR. Some of these bugs showed evidence of memory corruption, that with enough effort some of these could have been exploited to run arbitrary code. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

What is the vulnerability?

The vulnerability is currently under analysis.

CVE-2023-37211 - CVSS v3 Base Score: N/A

What is vulnerable?

The vulnerability affects the following mozilla products:

• Firefox versions before 115
• Firefox ESR versions before 102.13
• Thunderbird versions before 102.13.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

Administrators are recommended to apply the solutions as per vendor instructions to all affected devices, within the expected timeframe of one month as per E8 compliance (refer Patch Management):

• Mozilla
• ACSC-E8 compliant patching

Additional References

• Buglist
• Mozilla Security Blog