Firefox, Thunderbird and Tor Browser get security updates

Firefox, Thunderbird and Tor Browser get security updates

Mozilla’s Firefox, Firefox ESR, Thunderbird and the Firefox ESR-based anonymizing web browser Tor are vulnerable. Attackers could crash the browsers or even breach the sandbox.

Advertisement

The new versions

The developer has listed information about the current releases and gaps in the security section of their website. The following versions have the latest security updates:

Firefox 116Firefox ESR 102.14Firefox ESR 115.1Thunderbird 102.14Thunderbird 115.1Tor Browser 12.5.2

The gaps

The applications are affected by identical vulnerabilities. Overall, Mozilla classifies the level of threat as “high”. In situations with little memory, attackers can cause crashes by parsing certain HTML code (CVE-2023-4048 “high”). Through a bug (CVE-2023-4047 “high”) and a resulting delay in the display of pop-up notifications, attackers can trick victims into granting them higher privileges.

A gap (CVE-2023-4050 “high”) in the StorageManager could be particularly dangerous. At this point, under certain conditions, it is conceivable that untrusted data could end up in memory, resulting in a crash. In the course of this, attackers can break out of the sandbox. This protective layer separates the browser from the operating system. If attackers get past them, the entire system is usually at risk.

Advertisement

Surf anonymously

Tor Browser is based on Firefox ESR and is designed to protect privacy and anonymity while surfing. As can be seen from a recent article, the developers have given the browser other updates in addition to the secure Firefox ESR version. For example, they updated the NoScript extension (11.4.26) and translations.

See also:

(of the)

Go to home page
#Firefox #Thunderbird #Tor #Browser #security #updates