
=====================================================================

                                  CERT-Renater

                       Information Note No. 2023/VULN245

_____________________________________________________________________

DATE                : 13/07/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 115.0.2,
                                  Firefox ESR prior to 115.0.2,
                                  Firefox for iOS prior to 115.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-26
Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR
115.0.2

Announced       July 11, 2023
Impact          high
Products        Firefox, Firefox ESR
Fixed in

         Firefox 115.0.2
         Firefox ESR 115.0.2

#CVE-2023-3600: Use-after-free in workers

Reporter        Andrew McCreight
Impact          high

Description

During the worker lifecycle, a use-after-free condition could have
occurred, which could have led to a potentially exploitable crash.


References

     Bug 1839703

_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-25
Security Vulnerabilities fixed in Firefox for iOS 115

Announced       July 4, 2023
Impact          moderate
Products        Firefox for iOS
Fixed in
         Firefox for iOS 115

#CVE-2023-37455: Media permission request prompt showing from
background tab

Reporter        Kazuki Nomoto
Impact          moderate

Description

The permission request prompt from the site in the background
tab was overlaid on top of the site in the foreground tab.


References

     Bug 1786934


#CVE-2023-37456: Browser crashed when session restore was called
with an empty body

Reporter        Artem Chaykin
Impact          low

Description

The session restore helper crashed whenever there was no parameter
sent to the message handler.


References

     Bug 1795496

_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-23
Security Vulnerabilities fixed in Firefox ESR 102.13

Announced       July 4, 2023
Impact          high
Products        Firefox ESR
Fixed in
         Firefox ESR 102.13

#CVE-2023-37201: Use-after-free in WebRTC certificate generation

Reporter       Irvan Kurniawan
Impact         high

Description

An attacker could have triggered a use-after-free condition when
creating a WebRTC connection over HTTPS.


References

     Bug 1826002

#CVE-2023-37202: Potential use-after-free from compartment
mismatch in SpiderMonkey

Reporter       zx
Impact         high

Description

Cross-compartment wrappers wrapping a scripted proxy could
have caused objects from other compartments to be stored in
the main compartment, resulting in a use-after-free.


References

     Bug 1834711


#CVE-2023-37207: Fullscreen notification obscured

Reporter       Shaheen Fazim
Impact         moderate

Description

A website could have obscured the fullscreen notification
by using a URL with a scheme handled by an external program,
such as a mailto URL. This could have led to user confusion
and possible spoofing attacks.


References

     Bug 1816287


#CVE-2023-37208: Lack of warning when opening Diagcab files

Reporter       P Umar Farooq
Impact         moderate

Description

When opening Diagcab files, Firefox did not warn the user that
these files may contain malicious code.


References

     Bug 1837675

#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox
ESR 102.13, and Thunderbird 102.13

Reporter       Andrew McCreight, Matthew Gaudet, Tom Ritter, and the
               Mozilla Fuzzing Team
Impact         high

Description

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and
Thunderbird 102.12. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these
could have been exploited to run arbitrary code.


References

     Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13


_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-22
Security Vulnerabilities fixed in Firefox 115

Announced       July 4, 2023
Impact          high
Products        Firefox
Fixed in
         Firefox 115


#CVE-2023-3482: Block all cookies bypass for localstorage

Reporter      Martin Hostettler
Impact        moderate

Description

When Firefox is configured to block storage of all cookies,
it was still possible to store data in localstorage by using
an iframe with a source of 'about:blank'. This could have led
to malicious websites storing tracking data without permission.


References

     Bug 1839464

#CVE-2023-37201: Use-after-free in WebRTC certificate generation

Reporter       Irvan Kurniawan
Impact         high

Description

An attacker could have triggered a use-after-free condition when
creating a WebRTC connection over HTTPS.


References

     Bug 1826002

#CVE-2023-37202: Potential use-after-free from compartment
mismatch in SpiderMonkey

Reporter       zx
Impact         high

Description

Cross-compartment wrappers wrapping a scripted proxy could
have caused objects from other compartments to be stored in
the main compartment, resulting in a use-after-free.


References

     Bug 1834711

#CVE-2023-37203: Drag and Drop API may provide access to local
system files

Reporter       Paul Nickerson
Impact         moderate

Description

Insufficient validation in the Drag and Drop API, in conjunction
with social engineering, may have allowed an attacker to trick
end-users into creating a shortcut to local system files. This
could have been leveraged to execute arbitrary code.


References

     Bug 291640


#CVE-2023-37204: Fullscreen notification obscured via option
element

Reporter       Irvan Kurniawan
Impact         moderate

Description

A website could have obscured the fullscreen notification by
using an option element while introducing lag via an expensive
computational function. This could have led to user confusion
and possible spoofing attacks.


References

     Bug 1832195

#CVE-2023-37205: URL spoofing in address bar using RTL characters

Reporter       Rohan Sharma
Impact         moderate

Description

The use of RTL Arabic characters in the address bar may have
allowed for URL spoofing.


References

     Bug 1704420


#CVE-2023-37206: Insufficient validation of symlinks in the
FileSystem API

Reporter        Ameen Basha M K
Impact          moderate

Description

Uploading files which contain symlinks may have allowed an
attacker to trick a user into submitting sensitive data to a
malicious website.


References

     Bug 1813299

#CVE-2023-37207: Fullscreen notification obscured

Reporter        Shaheen Fazim
Impact          moderate

Description

A website could have obscured the fullscreen notification
by using a URL with a scheme handled by an external program,
such as a mailto URL. This could have led to user confusion
and possible spoofing attacks.


References

     Bug 1816287


#CVE-2023-37208: Lack of warning when opening Diagcab files

Reporter         P Umar Farooq
Impact           moderate

Description

When opening Diagcab files, Firefox did not warn the user
that these files may contain malicious code.


References

     Bug 1837675


#CVE-2023-37209: Use-after-free in `NotifyOnHistoryReload`

Reporter        Simon Descarpentries
Impact          moderate

Description

A use-after-free condition existed in NotifyOnHistoryReload
where a LoadingSessionHistoryEntry object was freed and a
reference to that object remained. This resulted in a
potentially exploitable condition when the reference to that
object was later reused.


References

     Bug 1837993


#CVE-2023-37210: Full-screen mode exit prevention

Reporter        Hafiizh
Impact          low

Description

A website could prevent a user from exiting full-screen mode
via alert and prompt calls. This could lead to user confusion
and possible spoofing attacks.


References

     Bug 1821886

#CVE-2023-37211: Memory safety bugs fixed in Firefox 115,
Firefox ESR 102.13, and Thunderbird 102.13

Reporter        Andrew McCreight, Matthew Gaudet, Tom Ritter,
                and the Mozilla Fuzzing Team
Impact          high


Description

Memory safety bugs present in Firefox 114, Firefox ESR 102.12,
and Thunderbird 102.12. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort
some of these could have been exploited to run arbitrary code.


References

     Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13


#CVE-2023-37212: Memory safety bugs fixed in Firefox 115

Reporter       Andrew McCreight, and the Mozilla Fuzzing Team
Impact         high

Description

Memory safety bugs present in Firefox 114. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort
some of these could have been exploited to run arbitrary code.


References

     Memory safety bugs fixed in Firefox 115



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

