A security flaw deemed critical has been spotted in the Mozilla Firefox browser, which invites its users to switch to the latest version of the tool.
A dozen vulnerabilities were fixed by Mozilla this week. One of the flaws, the only one classified as “critical” risk, concerns version 123 of the Firefox browser. Referenced CVE-2024-2615, it exposes users to remote code execution, and requires an emergency update.
A flaw that allows remote code execution
The vulnerability in question would affect memory security (Memory Safety), in Firefox version 123 (and only this one), available since February 20, 2024. Generally, memory security consists of a property that makes it possible to avoid vulnerabilities related to access to memory.
The bugs here show evidence of memory corruption. Mozilla believes that with enough effort, cybercriminals could exploit some of them to execute arbitrary code remotely, that is, without user interaction.
Remote code execution allows an attacker to install malware or even take control of a compromised machine.
A vulnerability fixed in Firefox version 124
The flaw in question has been corrected by the web browser teams. The latter recommend switching, if you have not already done so, to the very latest version Firefox 124, available since March 19, 2024, which as usual is full of new features.
Among the latter, we find a cursor navigation mode that also works in the PDF viewer, which allows you to use a keyboard to navigate web pages.
Source : Mozilla
0