Mozilla Foundation Security Advisory 2023-31

Security Vulnerabilities fixed in Firefox ESR 115.1

Announced: Aug
Impact: high
Products: Firefox ESR
Fixed in:

CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions
Reporter: Irvan Kurniawan
Impact: high
Description: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations.

CVE-2023-4047: Potential permissions request bypass via clickjacking
Reporter: Axel Chong
Impact: high
Description: A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.

CVE-2023-4046: Incorrect value used during WASM compilation
Reporter: Alexander Guryanov
Impact: high
Description: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process.

CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions
Reporter: Max Vlasov
Impact: high
Description: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy.

We are ending support for macOS 10.12, 10.13 and 10.14. Users of Firefox on these versions of macOS will be moved over to the Firefox 115 ESR and will be supported until September 2024.

We are ending support for Windows 7, 8 and 8.1. Users of Firefox on these versions of Windows will be moved over to the Firefox 115 ESR and will be supported until September 2024.

There are two more planned releases of Firefox 102 ESR, and then it will go out of support on September 26, 2023. Users will then be automatically upgraded to the Firefox 115 ESR. If you need to prevent upgrades for any reason, you can use the new AppUpdatePin policy.

A recent change enabled revealing passwords for password fields via a context menu. If you need to remove this behavior, you can set the preference to false using the Preferences policy.

The FlashPlugin policy has been removed.

The UserMessaging policy had the ability to lock preferences, but it was missing from the documentation.

If a preference was locked by one policy, it could be accidentally unlocked by another policy.