Mozilla Products Arbitrary Code Execution Multiple Vulnerabilities - …

…20240515003 (#737) * Mozilla Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515003 * Mozilla Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515003 --------- Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
wagov · May 15, 2024 · 51c5049 · 51c5049
1 parent db629e1
commit 51c5049
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/...isories/20240515003-Mozilla-Products-Arbitrary-Code-Execution-Multiple-Vulnerabilities md b/...isories/20240515003-Mozilla-Products-Arbitrary-Code-Execution-Multiple-Vulnerabilities md
@@ -0,0 +1,35 @@
+# Mozilla Products Arbitrary Code Execution Multiple Vulnerabilities - 20240515003
+
+## Overview
+
+Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution.
+
+## What is vulnerable?
+The following Mozilla products are found vulnerable:
+
+<br>- **[Firefox ESR versions prior to 115.11](https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/)**<br/>
+<br>- **[Thunderbird versions prior to 115.11](https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/)**<br/>
+<br>- **[Firefox versions prior to 126](https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/)**<br/>
+
+Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- We recommend updating your affected Mozilla products to any of the following or later version(s):
+
+    - Firefox ESR version 115.11
+
+    - Thunderbird version 115.11
+
+    - Firefox version 126
+
+## Additional References
+
+- [Mozilla Foundation Security Advisories --- Mozilla](https://www.mozilla.org/en-US/security/advisories/)
+- [Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (cisecurity.org)](https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2024-056)