
=====================================================================

                             CERT-Renater

                  Information Note No. 2023/VULN214

_____________________________________________________________________

DATE                : 08/06/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 114 or
                     Firefox ESR versions prior to 102.12.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-20
Security Vulnerabilities fixed in Firefox 114

Announced        June 6, 2023
Impact           high
Products         Firefox
Fixed in         Firefox 114


#CVE-2023-34414: Click-jacking certificate exceptions through
rendering lag

Reporter         Irvan Kurniawan
Impact           high


Description

The error page for sites with invalid TLS certificates was missing the
activation-delay Firefox uses to protect prompts and permission dialogs
from attacks that exploit human response time delays. If a malicious
page elicited user clicks in precise locations immediately before
navigating to a site with a certificate error and made the renderer
extremely busy at the same time, it could create a gap between when
the error page was loaded and when the display actually refreshed.
With the right timing the elicited clicks could land in that gap
and activate the button that overrides the certificate error for
that site.

References

     Bug 1695986
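
The timing gap described above can be reproduced on a simulated
timeline. This is an added example, not Firefox code: ActivationGuard,
its method names and the 500 ms delay are assumptions. It goes slightly
beyond the advisory by also showing a delay anchored at page load, to
make clear why the delay has to start at the display refresh.

```javascript
// Added illustration, not Firefox source. ActivationGuard, its method
// names and the 500 ms delay are assumptions made for this example.
class ActivationGuard {
  constructor(delayMs, now = () => Date.now()) {
    this.delayMs = delayMs;
    this.now = now;          // injectable clock so the timeline is testable
    this.loadedAt = null;
    this.paintedAt = null;
  }
  markLoaded() { this.loadedAt = this.now(); }
  // In a page, one common approximation of "first painted frame" is to
  // call this from a requestAnimationFrame callback scheduled inside
  // another requestAnimationFrame callback (assumption, not from the page).
  markPainted() { if (this.paintedAt === null) this.paintedAt = this.now(); }

  // No delay at all: the button is live as soon as the page is loaded.
  allowsWithoutDelay() { return this.loadedAt !== null; }
  // Delay anchored at load: can expire while the renderer is still busy.
  allowsSinceLoad() {
    return this.loadedAt !== null && this.now() - this.loadedAt >= this.delayMs;
  }
  // Delay anchored at first paint: clicks that arrive before or just
  // after the display refresh are dropped.
  allowsSincePaint() {
    return this.paintedAt !== null && this.now() - this.paintedAt >= this.delayMs;
  }
}

// Constructed timeline in milliseconds: the page loads at t=0, the display
// refreshes at paintAt, and a click reaches the button at clickAt.
function simulate({ paintAt, clickAt, delayMs = 500 }) {
  let t = 0;
  const guard = new ActivationGuard(delayMs, () => t);
  guard.markLoaded();
  if (paintAt <= clickAt) { t = paintAt; guard.markPainted(); }
  t = clickAt;
  return {
    noDelay: guard.allowsWithoutDelay(),
    sinceLoad: guard.allowsSinceLoad(),
    sincePaint: guard.allowsSincePaint(),
  };
}

// Renderer busy for 900 ms, click lands 50 ms after the refresh.
console.log(simulate({ paintAt: 900, clickAt: 950 }));
```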


#CVE-2023-34415: Site-isolation bypass on sites that allow open
redirects to data: urls

Reporter         Jun Kokatsu
Impact           moderate

Description

When choosing a site-isolated process for a document loaded from
a data: URL that was the result of a redirect, Firefox would load
that document in the same process as the site that issued the
redirect. This bypassed the site-isolation protections against
Spectre-like attacks on sites that host an "open redirect".
Firefox no longer follows HTTP redirects to data: URLs.


References

     Bug 1811999
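
On the site side, the precondition for this issue is a redirect
endpoint that forwards to caller-supplied targets. The following is an
added example, not part of the advisory, of validating such a target
before it is placed in a Location header. safeRedirectTarget,
APP_ORIGIN and FALLBACK are hypothetical names for an assumed
/redirect?next=... endpoint.

```javascript
// Added illustration: redirect-target validation for a hypothetical
// /redirect?next=... endpoint. All names and origins here are assumptions.
const APP_ORIGIN = "https://app.example";
const FALLBACK = "/";

// Returns a same-origin path (never a full URL) that is safe to send in
// a Location header, or FALLBACK when the requested target is rejected.
function safeRedirectTarget(next, appOrigin = APP_ORIGIN) {
  if (typeof next !== "string" || next.length === 0) return FALLBACK;

  let url;
  try {
    // Resolve the way a browser would, so "//host/x" and similar forms
    // are judged by the origin they actually resolve to.
    url = new URL(next, appOrigin);
  } catch {
    return FALLBACK;
  }

  // Reject data: and every other non-HTTP(S) scheme outright.
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK;

  // Reject anything that leaves the application's own origin.
  if (url.origin !== new URL(appOrigin).origin) return FALLBACK;

  // Emit only path, query and fragment, so the response cannot carry a
  // scheme or host chosen by the caller.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs.
const samples = [
  "/account?tab=keys#top",
  "https://app.example/a",
  "data:text/html,<h1>x</h1>",
  "//other.example/path",
];
for (const s of samples) console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
```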


#CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and
Firefox ESR 102.12

Reporter        Mozilla developers and community
Impact          high

Description

Mozilla developers and community members Gabriele Svelto,
Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and
Sebastian Hengst reported memory safety bugs present in
Firefox 113 and Firefox ESR 102.11. Some of these bugs
showed evidence of memory corruption and we presume that
with enough effort some of these could have been exploited
to run arbitrary code.

References

     Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12


#CVE-2023-34417: Memory safety bugs fixed in Firefox 114

Reporter         Mozilla developers and community
Impact           high


Description

Mozilla developers and community members Andrew McCreight, Randell
Jesup, and the Mozilla Fuzzing Team reported memory safety bugs
present in Firefox 113. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code.


References

     Memory safety bugs fixed in Firefox 114

_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-19
Security Vulnerabilities fixed in Firefox ESR 102.12

Announced       June 6, 2023
Impact          high
Products        Firefox ESR
Fixed in        Firefox ESR 102.12


#CVE-2023-34414: Click-jacking certificate exceptions through
rendering lag

Reporter        Irvan Kurniawan
Impact          high


Description

The error page for sites with invalid TLS certificates was missing
the activation-delay Firefox uses to protect prompts and permission
dialogs from attacks that exploit human response time delays. If a
malicious page elicited user clicks in precise locations immediately
before navigating to a site with a certificate error and made the
renderer extremely busy at the same time, it could create a gap
between when the error page was loaded and when the display actually
refreshed. With the right timing the elicited clicks could land in that
gap and activate the button that overrides the certificate error for
that site.

References

     Bug 1695986


#CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and
Firefox ESR 102.12

Reporter       Mozilla developers and community
Impact         high

Description

Mozilla developers and community members Gabriele Svelto, Andrew
McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst
reported memory safety bugs present in Firefox 113 and Firefox ESR
102.11. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could have
been exploited to run arbitrary code.


References

     Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12




=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

