Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity & Infrastructure Security Agency (CISA) is recommending that the patches be applied because “a cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.”

The updates to the Thunderbird product are designed to fix three high impact and seven medium vulnerabilities that would allow an attacker to “corrupt memory leading to a potentially exploitable crash…a bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions…a malicious devtools extension could have been used to escalate privileges,” and memory corruption “could have been exploited to run arbitrary code.”

The updates to the Firefox ESR product fix three high and seven medium impact vulnerabilities similar to those outlined above and the updates to the Firefox 122 product fixed six high and ten medium impact vulnerabilities.

All of these vulnerabilities, if exploited, could cause disruption to business units, so it would be prudent to follow the recommendations of Mozilla and CISA is prudent.