Mozilla recently released Firefox 121, an important step toward user security, introducing critical updates that address 18 vulnerabilities, five of which are high severity. This release strengthens the browser against potential exploits and demonstrates Mozilla's commitment to user security.

High-severity vulnerabilities fixed in Firefox 121

CVE-2023-6856 The most significant vulnerability addressed is CVE-2023-6856, a heap buffer overflow bug in WebGL. This JavaScript API, which handles interactive graphics rendering, was exploitable on systems using the Mesa VM driver. The vulnerability could lead to remote code execution and sandbox escape, underscoring the critical importance of the fix.

CVE-2023-6135 Another significant fix in Firefox 121 is CVE-2023-6135, which addresses a vulnerability in the Network Security Services (NSS) rendering of NIST curves. This issue, susceptible to the Minerva side-channel attack, exposed the risk of adversaries recovering the long-term private key. The update provides more robust defense against possible security breaches.

CVE-2023-6865 Mozilla also fixed CVE-2023-6865, a bug that exposed uninitialized data in EncryptingOutputStream. This vulnerability could be exploited to allow attackers to write data to a local disk, affecting private browsing mode. The prompt fix highlights Firefox's proactive approach to safeguarding user privacy.

CVE-2023-6873 and CVE-2023-6864 Firefox 121 includes critical updates addressing multiple memory-safety issues, tracked collectively as CVE-2023-6873 and CVE-2023-6864. These updates not only improve the browser's overall stability but also extend their impact to Firefox ESR and Thunderbird, ensuring a comprehensive approach to security.

Medium and low severity flaws

Beyond the high-severity fixes, Mozilla resolved eight medium-severity flaws, including heap buffer overflow issues, use-after-free bugs, and sandbox escape issues. Five low-severity bugs were also addressed, together contributing to a better browsing experience.

Mozilla also announced the release of Thunderbird 115.6, which fixes 11 vulnerabilities, nine of which are shared with Firefox 121. This coordinated approach highlights Mozilla's commitment to strengthening not only its flagship browser but also its email client.