Firefox 122 Released with 15 Security Fixes
Mozilla released the new version of its popular browser, Firefox 122, on January 23, 2024. It came 1 month and 5 days after the previous Firefox 121 and brings several new features and improvements along with various security fixes. In this article, we will explore the high-severity vulnerabilities addressed in the recent Firefox security updates.
High-Severity Vulnerabilities Fixed in Firefox 122
CVE-2024-0741
This out-of-bounds write vulnerability in ANGLE ((Almost Native Graphics Layer Engine) could allow an attacker to corrupt memory leading to a potentially exploitable crash.
CVE-2024-0742
Certain browser prompts and dialogs could be unintentionally activated or dismissed by users due to an incorrect timestamp used to prevent input after page load.
CVE-2024-0743
Firefox 122 addressed an unchecked return value in the TLS handshake code which could potentially result in an exploitable crash.
CVE-2024-0744
Under certain conditions, JIT compiled code could have dereferenced a wild pointer value, posing a risk of an exploitable crash.
CVE-2024-0745
Firefox 122 also patched a stack buffer overflow issue in the WebAudio OscillatorNode
object which could result in a potentially exploitable crash.
Other Security Vulnerabilities Fixed
All remaining vulnerabilities are classified as medium severity having a moderate impact on Firefox, which include:
CVE-2024-0746: Opening the print preview dialog on Linux could lead to a browser crash.
CVE-2024-0748: A compromised content process could have modified the document URI, enabling an attacker to set an arbitrary URI in the address bar or history.
CVE-2024-0749: A phishing site could repurpose an about: dialog to display phishing content with an incorrect origin in the address bar.
CVE-2024-0750: Firefox 122 fixed a bug in popup notifications delay calculation which could allow an attacker to deceive a user into granting permissions.
CVE-2024-0751: A malicious devtools extension could be utilized for privilege escalation.
Firefox 122 DEB Package
Firefox finally ships with a .deb package for Linux users on Ubuntu, Debian, and Linux Mint. The official Firefox DEB package ensures enhanced performance through advanced compiler-based optimizations, secure binaries with all security flags activated during compilation, swift access to the latest updates, and seamless browsing without the necessity to restart Firefox after upgrading the package.
Conclusion
Many Linux distributions, including Ubuntu and Debian, have already rolled out security updates, addressing the above Firefox vulnerabilities. It is essential to update the existing Firefox installations to get the latest versions and ensure a secure browsing experience. You can also find the official binary or DEB packages of Firefox 122 on the download page.
The sources for this article include a story from MFSA 2024-01.