Mozilla rolled out security updates for Firefox and Thunderbird, addressing a total of 21 vulnerabilities. Firefox 121 fixed 18 issues, including a heap buffer overflow in WebGL (CVE-2023-6856) that could lead to remote code execution. Another concern, CVE-2023-6135, involved rendering NSS NIST curves, potentially susceptible to a side-channel attack. Thunderbird 115.6, launched concurrently, tackled 11 vulnerabilities, including email message spoofing (CVE-2023-50762) and message timestamp spoofing (CVE-2023-50761). These updates aim to fortify security, but Mozilla hasn’t reported any active exploits. More details are available on Mozilla’s security advisories page.

Read more: https://www.securityweek.com/mozilla-patches-firefox-vulnerability-allowing-remote-code-execution-sandbox-escape/