Firefox 111 patches 11 holes, but not 1 zero-day among them…
CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9.
These bugs were shared between the current version and the ESR version, short for extended support release.
CVE-2023-28177: Memory safety bugs fixed in Firefox 111 only.
None of the other eleven CVE-numbered bugs this month were worse than High; three of them apply to Firefox for Android only; and no one has yet come up with a PoC exploit that shows how to abuse them in real life.
CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab.
Most Firefox users will get the update automatically, typically after a random delay to stop everyone's computer downloading at the same moment.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-02 | CVE-2023-28177 | Out-of-bounds Write vulnerability in Mozilla Firefox. Memory safety bugs present in Firefox 110. | 8.8 |
2023-06-02 | CVE-2023-28176 | Out-of-bounds Write vulnerability in Mozilla Firefox. Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. | 8.8 |
2023-06-02 | CVE-2023-28161 | Improper Preservation of Permissions vulnerability in Mozilla Firefox. If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. | 8.8 |