Mozilla Firefox patches multiple vulnerabilities


For a detailed advisory, download the pdf file here.

Mozilla Firefox has released a major security update which patches 9 high, 6 moderate and 3 low impact vulnerabilities.

Vulnerabilities classified as high are:

  • CVE-2022-22746: Calling into reportValidity could have lead to fullscreen window spoof
  • CVE-2022-22743: Browser window spoof using fullscreen mode
  • CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
  • CVE-2022-22741: Browser window spoof using fullscreen mode
  • CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
  • CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
  • CVE-2022-22737: Race condition when playing audio files
  • CVE-2021-4140: Iframe sandbox bypass with XSLT
  • CVE-2022-22751: Memory safety bugs

Vulnerabilities classified as moderate are:

  • CVE-2022-22750: IPC passing of resource handles could have lead to sandbox bypass
  • CVE-2022-22749: Lack of URL restrictions when scanning QR codes
  • CVE-2022-22748: Spoofed origin on external protocol launch dialog
  • CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event
  • CVE-2022-22744: The ‘Copy as curl’ feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
  • CVE-2022-22752: Memory safety bugs

Vulnerabilities classified as low are:

  • CVE-2022-22747: Crash when handling empty pkcs7 sequence
  • CVE-2022-22736: Potential local privilege escalation when loading modules from the install directory.
  • CVE-2022-22739: Missing throttling on external protocol launch dialog

All of these vulnerabilities can be patched by upgrading to Mozilla Firefox 96, Mozilla Firefox ESR 91.5, and Mozilla Thunderbird 91.5.

Vulnerability Details