Mozilla has fixed several vulnerabilities in Firefox, including some high-severity memory safety bugs and an odd bug that could allow an attacker to supply a remote path and cause network problems.
The most serious of the flaws are the memory safety bugs, which Mozilla did not call out specifically or describe in detail. But the company said the vulnerabilities may have led to code execution.
“Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,” the advisory says.
Firefox 103 also fixes a somewhat unusual flaw that an attacker could use to disrupt network traffic.
“When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This bug only affects Firefox for Windows,” the advisory says.
Firefox on Android is affected by a separate vulnerability that could allow an attacker to cause a denial-of-service condition on a target device.
“When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service,” the advisory says.
Firefox users should upgrade to version 103 as soon as possible to protect against these vulnerabilities.