## Key Vulnerability Information Summary

### Main Content

- Advisory ID: Mozilla Foundation Security Advisory 2023-13
- Advisory date: April 11, 2023
- Impact: High
- Affected products: Firefox, Firefox for Android, Focus for Android
- Fixed in: Firefox 112, Firefox for Android 112, Focus for Android 112

### Key Vulnerability List

#### High-severity vulnerabilities (High)

- CVE-2023-29531: Out-of-bound memory access in WebGL on macOS.
- CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass.
- CVE-2023-29533: Fullscreen notification obscured.
- CVE-2023-29534: Fullscreen notification could have been obscured on Firefox for Android.
- CVE-2023-1999: Double-free in libwebp.
- CVE-2023-29535: Potential Memory Corruption.
- CVE-2023-29536: Invalid free from JavaScript code.
- CVE-2023-29537: Data Races in font initialization code.

#### Moderate-severity vulnerabilities (Moderate)

- CVE-2023-29538: Directory information could have been leaked to WebExtensions.
- CVE-2023-29540: Iframe sandbox bypass using redirects and sourceMappingUrls.
- CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux.
- CVE-2023-29542: Bypass of file download extension restrictions.
- CVE-2023-29543: Use-after-free in debugging APIs.
- CVE-2023-29544: Memory Corruption in garbage collector.
- CVE-2023-29545: Windows Save As dialog resolved environment variables.

#### Low-severity vulnerabilities (Low)

- CVE-2023-29546: Screen recording in Private Browsing included address bar on Android.
- CVE-2023-29547: Secure document cookie could be spoofed with insecure cookie.
- CVE-2023-29548: Incorrect optimization result on ARM64.
- CVE-2023-29549: Javascript’s bind function may have failed.

### Other

- CVE-2023-29550, CVE-2023-29551: Two memory-safety vulnerabilities of relatively high importance, fixed in Firefox 112 and Firefox ESR 102.10, and in Firefox 112, respectively.

The information above shows the types of the vulnerabilities, their scope of impact, and the versions that fix them. It helps users understand the issues and take appropriate action by updating to the latest version, reducing security risk.