
Mozilla Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515003

Overview

Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution.

What is vulnerable?

The following Mozilla products are vulnerable:


- Firefox ESR versions prior to 115.11

- Thunderbird versions prior to 115.11

- Firefox versions prior to 126

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends that administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer Patch Management):

  • We recommend updating your affected Mozilla products to any of the following or later version(s):

    • Firefox ESR version 115.11

    • Thunderbird version 115.11

    • Firefox version 126
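To confirm which hosts still need the update, the version thresholds above can be checked against collected version strings. The following is an added example, not part of the original advisory; it assumes version strings in the form printed by `firefox --version` and `thunderbird --version`, and the host names and inventory are constructed.

```python
import re

# Minimum fixed versions, taken from the advisory text above.
FIXED = {"firefox": (126,), "firefox-esr": (115, 11), "thunderbird": (115, 11)}

# Matches strings such as "Mozilla Firefox 115.10.0esr" or "Mozilla Thunderbird 115.11.0".
VERSION_RE = re.compile(
    r"(?:Mozilla\s+)?(?P<product>Firefox|Thunderbird)\s+"
    r"(?P<version>\d+(?:\.\d+)*)(?P<suffix>[a-z]+\d*)?",
    re.IGNORECASE,
)

def parse_version_line(line):
    """Return (product, version_tuple, suffix), or None if the line is not recognised."""
    m = VERSION_RE.search(line)
    if m is None:
        return None
    product = m.group("product").lower()
    suffix = (m.group("suffix") or "").lower()
    # The "esr" suffix selects the ESR threshold; a plain 115.x build is release-channel.
    if product == "firefox" and suffix == "esr":
        product, suffix = "firefox-esr", ""
    version = tuple(int(part) for part in m.group("version").split("."))
    return product, version, suffix

def assess(line):
    """Classify one version string as 'vulnerable', 'fixed' or 'review'."""
    parsed = parse_version_line(line)
    if parsed is None:
        return "review"  # unrecognised output: check the host by hand
    product, version, suffix = parsed
    fixed = FIXED[product]
    width = max(len(version), len(fixed))
    # Pad both tuples with zeros so (126,) and (126, 0, 0) compare as equal.
    if version + (0,) * (width - len(version)) < fixed + (0,) * (width - len(fixed)):
        return "vulnerable"
    # Pre-release builds (e.g. 126.0b3) are not named by the advisory.
    return "review" if suffix else "fixed"

def audit(inventory):
    """Map each host to the status of its captured version string."""
    return {host: assess(line) for host, line in inventory.items()}

# Constructed inventory: hypothetical host names and captured version strings.
SAMPLE_INVENTORY = {
    "ws-001": "Mozilla Firefox 125.0.3",
    "ws-002": "Mozilla Firefox 115.11.0esr",
    "ws-003": "Mozilla Thunderbird 115.10.1",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A release-channel Firefox reporting 115.11.0 without the `esr` suffix is classed as vulnerable, because the Firefox threshold of 126 applies to it rather than the ESR threshold.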

Additional References