Mozilla Firefox patches multiple vulnerabilities
THREAT LEVEL: Amber.
Mozilla has released a major Firefox security update that patches 9 high, 6 moderate and 3 low impact vulnerabilities.
Vulnerabilities classified as high are:
- CVE-2022-22746: Calling into reportValidity could have led to fullscreen window spoof
- CVE-2022-22743: Browser window spoof using fullscreen mode
- CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
- CVE-2022-22741: Browser window spoof using fullscreen mode
- CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
- CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
- CVE-2022-22737: Race condition when playing audio files
- CVE-2021-4140: Iframe sandbox bypass with XSLT
- CVE-2022-22751: Memory safety bugs
Vulnerabilities classified as moderate are:
- CVE-2022-22750: IPC passing of resource handles could have led to sandbox bypass
- CVE-2022-22749: Lack of URL restrictions when scanning QR codes
- CVE-2022-22748: Spoofed origin on external protocol launch dialog
- CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event
- CVE-2022-22744: The ‘Copy as curl’ feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
- CVE-2022-22752: Memory safety bugs
Vulnerabilities classified as low are:
- CVE-2022-22747: Crash when handling empty pkcs7 sequence
- CVE-2022-22736: Potential local privilege escalation when loading modules from the install directory.
- CVE-2022-22739: Missing throttling on external protocol launch dialog
All of these vulnerabilities can be patched by upgrading to Mozilla Firefox 96, Mozilla Firefox ESR 91.5, and Mozilla Thunderbird 91.5.
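Because the fixed version differs by product and channel, a plain numeric comparison misclassifies hosts: a regular-release Firefox 95 is higher than 91.5 but unpatched, while Firefox ESR 91.5 is lower than 96 but patched. The check below is an added example, not code from Mozilla or from this advisory; the banner format it parses and the sample strings are assumptions constructed for illustration.

```python
import re

# Fixed releases named in this advisory, keyed by (product, channel).
FIXED = {
    ("firefox", "release"): (96, 0),
    ("firefox", "esr"): (91, 5),
    ("thunderbird", "release"): (91, 5),
}

# Assumed banner format: product name, dotted version, optional "esr" suffix.
BANNER = re.compile(r"(firefox|thunderbird)\s+(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)


def parse_banner(banner):
    """Return (product, channel, version tuple), or None if unrecognised."""
    m = BANNER.search(banner)
    if not m:
        return None
    channel = "esr" if m.group(3) else "release"
    version = tuple(int(part) for part in m.group(2).split("."))
    return m.group(1).lower(), channel, version


def is_patched(banner):
    """True or False for a recognised banner, None when no verdict is possible."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    product, channel, version = parsed
    fixed = FIXED.get((product, channel))
    if fixed is None:
        return None
    # Pad short versions so that "96" compares equal to "96.0".
    version += (0,) * (len(fixed) - len(version))
    return version >= fixed


# Constructed inventory lines, not real scan output.
SAMPLES = ["Mozilla Firefox 95.0.2", "Mozilla Firefox 91.5.0esr",
           "Mozilla Firefox 91.4.1esr", "Thunderbird 91.4.1"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}: patched={is_patched(line)}")
```

Treat a `None` result as "needs manual review" rather than as patched, since it means the banner did not match the assumed format.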
References
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/