Critical Vulnerability Information Summary

Main Content

Advisory ID: Mozilla Foundation Security Advisory 2023-13
Release Date: April 11, 2023
Severity: High
Affected Products: Firefox, Firefox for Android, Focus for Android
Fixed Versions: Firefox 112, Firefox for Android 112, Focus for Android 112

Critical Vulnerability List

High Severity (High)

- CVE-2023-29531: Out-of-bound memory access in WebGL on macOS.
- CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass.
- CVE-2023-29533: Fullscreen notification obscured.
- CVE-2023-29534: Fullscreen notification could have been obscured on Firefox for Android.
- CVE-2023-1999: Double-free in libwebp.
- CVE-2023-29535: Potential Memory Corruption.
- CVE-2023-29536: Invalid free from JavaScript code.
- CVE-2023-29537: Data Races in font initialization code.

Medium Severity (Moderate)

- CVE-2023-29538: Directory information could have been leaked to WebExtensions.
- CVE-2023-29540: Iframe sandbox bypass using redirects and sourceMappingUrls.
- CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux.
- CVE-2023-29542: Bypass of file download extension restrictions.
- CVE-2023-29543: Use-after-free in debugging APIs.
- CVE-2023-29544: Memory Corruption in garbage collector.
- CVE-2023-29545: Windows Save As dialog resolved environment variables.

Low Severity (Low)

- CVE-2023-29546: Screen recording in Private Browsing included address bar on Android.
- CVE-2023-29547: Secure document cookie could be spoofed with insecure cookie.
- CVE-2023-29548: Incorrect optimization result on ARM64.
- CVE-2023-29549: JavaScript's bind function may have failed.

Others

- CVE-2023-29550, CVE-2023-29551: Two memory safety-related vulnerabilities of higher importance, fixed in Firefox 112 and Firefox ESR 102.10, and in Firefox 112, respectively.

The above information outlines the types, impact scope, and fixed versions of various vulnerabilities, helping users understand the risks and take appropriate actions by updating to the latest versions to reduce security exposure.