Mozilla has released security updates for Thunderbird and Firefox that fix a total of nine bugs in its software, including high-severity flaws.
All nine vulnerabilities are memory-related, and most could result in exploitable crashes. They were patched in Firefox 118, which was made available on the stable channel.
The first two high-severity flaws, identified as CVE-2023-5168 and CVE-2023-5169, are described as out-of-bounds write problems in the PathOps and FilterNodeD2D1 components of the browser.
Both may result in “a potentially exploitable crash in a privileged process,” according to Mozilla. The third flaw, CVE-2023-5170, is a memory leak problem that, according to Mozilla’s advisory, “could be used to effect a sandbox escape if the correct data was leaked.”