Mozilla has released security updates for Firefox and Thunderbird, addressing 20 vulnerabilities, including memory safety issues. The updates patch a heap buffer overflow bug in WebGL that could allow remote code execution and sandbox escape. Another vulnerability makes Network Security Services NIST curves vulnerable to the Minerva side-channel attack, potentially exposing the long-term private key. Firefox 121 also resolves multiple memory safety issues and eight medium-severity flaws. Thunderbird 115.6 has patches for 11 vulnerabilities, with two high-severity flaws allowing email message spoofing. The updates are available on Mozilla's security advisories page. #Mozilla #Firefox #Thunderbird #vulnerabilities #securityupdates

https://www.securityweek.com/mozilla-patches-firefox-vulnerability-allowing-remote-code-execution-sandbox-escape/