SecurityWeek reports that numerous security vulnerabilities impacting Mozilla Firefox and Thunderbird have been addressed in new updates.
Mozilla's Firefox 121 update includes fixes for 18 flaws, including five high-severity bugs. The most severe of the flaws is a heap buffer overflow vulnerability in WebGL, tracked as CVE-2023-6856, which could be leveraged to facilitate sandbox escape and remote code execution. Patches have also been issued for high-severity bugs, tracked as CVE-2023-6135 and CVE-2023-6865, which could be exploited to compromise long-term private keys and allow local disk data writing, respectively. Other memory safety flaws, collectively known as CVE-2023-6864 and CVE-2023-6873, have also been addressed. Mozilla has also released Thunderbird 115.6 and Firefox ESR 115.6 which also include patches for several flaws, including those that have been addressed in the latest Firefox update. However, the newest Thunderbird iteration adds patches for high-severity flaws, tracked as CVE-2023-50761 and CVE-2023-50762, which could be abused for email message spoofing and email delivery time spoofing, respectively.
TechCrunch reports that major U.S. healthcare revenue and payment cycle management provider Change Healthcare had its systems targeted by a cyberattack on Feb. 20, which resulted in the loss of access across most of the prescription processor's login pages.