Firefox 122 Released with 15 Security Fixes

Rohan Timalsina

February 7, 2024 - TuxCare expert team

Mozilla released the new version of its popular browser, Firefox 122, on January 23, 2024. It came 1 month and 5 days after the previous Firefox 121 and brings several new features and improvements along with various security fixes. In this article, we will explore the high-severity vulnerabilities addressed in the recent Firefox security updates.

 

High-Severity Vulnerabilities Fixed in Firefox 122

 

CVE-2024-0741

This out-of-bounds write vulnerability in ANGLE (Almost Native Graphics Layer Engine) could allow an attacker to corrupt memory, leading to a potentially exploitable crash.

 

CVE-2024-0742

Certain browser prompts and dialogs could be unintentionally activated or dismissed by users due to an incorrect timestamp used to prevent input after page load.

 

CVE-2024-0743

Firefox 122 addressed an unchecked return value in the TLS handshake code which could potentially result in an exploitable crash.

 

CVE-2024-0744

Under certain conditions, JIT compiled code could have dereferenced a wild pointer value, posing a risk of an exploitable crash.

 

CVE-2024-0745

Firefox 122 also patched a stack buffer overflow issue in the WebAudio OscillatorNode object which could result in a potentially exploitable crash.

 

Other Security Vulnerabilities Fixed

 

All remaining vulnerabilities are classified as medium severity, with a moderate impact on Firefox. They include:

CVE-2024-0746: Opening the print preview dialog on Linux could lead to a browser crash.

CVE-2024-0748: A compromised content process could have modified the document URI, enabling an attacker to set an arbitrary URI in the address bar or history.

CVE-2024-0749: A phishing site could repurpose an about: dialog to display phishing content with an incorrect origin in the address bar.

CVE-2024-0750: Firefox 122 fixed a bug in popup notifications delay calculation which could allow an attacker to deceive a user into granting permissions.

CVE-2024-0751: A malicious devtools extension could be utilized for privilege escalation.

 

Firefox 122 DEB Package

 

Firefox finally ships with a .deb package for Linux users on Ubuntu, Debian, and Linux Mint. The official Firefox DEB package ensures enhanced performance through advanced compiler-based optimizations, secure binaries with all security flags activated during compilation, swift access to the latest updates, and seamless browsing without the necessity to restart Firefox after upgrading the package.

 

Conclusion

 

Many Linux distributions, including Ubuntu and Debian, have already rolled out security updates, addressing the above Firefox vulnerabilities. It is essential to update the existing Firefox installations to get the latest versions and ensure a secure browsing experience. You can also find the official binary or DEB packages of Firefox 122 on the download page.
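One way to check collected version strings against the fixed release, as an added example that is not from the article or from Mozilla. The host names and version strings are constructed samples, and the script assumes ESR builds and the Ubuntu snap transitional package must be checked separately, since the article gives no version threshold for them.

```shell
#!/bin/sh
# Added example: classify Firefox version strings against the 122 release.
FIXED_MAJOR=122   # release the article names as carrying the fixes

# firefox_patch_status "<version string>"
# Accepts `firefox --version` output or a dpkg package version.
# Prints PATCHED, OUTDATED or UNKNOWN.
firefox_patch_status() {
    raw=$1
    case $raw in
        # Assumption: a "snap" package version is a transitional shim,
        # so the real browser version lives in the snap, not in dpkg.
        *snap*) echo UNKNOWN; return 0 ;;
        # ESR uses its own numbering; this check does not assess it.
        *esr*|*ESR*) echo UNKNOWN; return 0 ;;
    esac
    v=${raw#Mozilla Firefox }   # drop the `firefox --version` prefix
    v=${v#*:}                   # drop a dpkg epoch such as "1:"
    major=${v%%[!0-9]*}         # keep only the leading digits
    if [ -z "$major" ]; then
        echo UNKNOWN            # nothing parseable: never report PATCHED
    elif [ "$major" -ge "$FIXED_MAJOR" ]; then
        echo PATCHED
    else
        echo OUTDATED
    fi
}

# audit_inventory: reads "host<whitespace>version string" lines on stdin
# and prints "host<TAB>status" for each.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s\t%s\n' "$host" "$(firefox_patch_status "$ver")"
    done
}

# Constructed sample inventory (hypothetical hosts).
audit_inventory <<'EOF'
ws-01 Mozilla Firefox 122.0
ws-02 Mozilla Firefox 121.0.1
ws-03 122.0~build2
ws-04 1:1snap1-0ubuntu2
ws-05 Mozilla Firefox 115.7.0esr
EOF
```

Hosts reported as UNKNOWN need a manual check of the ESR or snap version rather than being counted as updated.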

 

The sources for this article include a story from MFSA 2024-01.
