Mozilla has released security patches for both its Firefox browser (Firefox 124, Firefox ESR 115.9) and Thunderbird email client (Thunderbird 115.9), addressing 14 vulnerabilities that could leave users open to severe attacks.
These flaws include a critical remote code execution vulnerability, as well as several high-risk bugs that could let attackers escape security sandboxes, trigger system crashes, steal data, or manipulate settings.
The most critical vulnerability, tracked as CVE-2024-2615 that allows attackers to potentially run malicious code on your computer without your knowledge or interaction.
Five other vulnerabilities are marked ‘high‘ risk, making this update essential. These vulnerabilities could affect everything from personal emails and financial information to the very stability of your operating system. There are no reports of these flaws being actively exploited yet, but that could change quickly.
Vulnerabilities summary (Critical & High)
- CVE-2024-2615-Memory safety bugs that could allow remote code execution.
- CVE-2024-2605-Potential sandbox escapes for Windows systems
- CVE-2024-2606-Mishandling of internal code structures
- CVE-2024-2607-Code execution flaws specific to older ARM-based devices
- CVE-2024-2608- Integer overflows that could allow attackers to write malicious code outside of intended areas.
- CVE-2024-2614-Additional memory safety issues, some potentially leading to code execution.
