Mozilla Firefox patches multiple vulnerabilities
For a detailed advisory, download the PDF file here.
Mozilla has released a major security update for Firefox which patches 9 high, 6 moderate and 3 low impact vulnerabilities.
Vulnerabilities classified as high are:
CVE-2022-22746: Calling into reportValidity could have lead to fullscreen window spoof
CVE-2022-22743: Browser window spoof using fullscreen mode
CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
CVE-2022-22741: Browser window spoof using fullscreen mode
CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
CVE-2022-22737: Race condition when playing audio files
CVE-2021-4140: Iframe sandbox bypass with XSLT
CVE-2022-22751: Memory safety bugs
Vulnerabilities classified as moderate are:
CVE-2022-22750: IPC passing of resource handles could have lead to sandbox bypass
CVE-2022-22749: Lack of URL restrictions when scanning QR codes
CVE-2022-22748: Spoofed origin on external protocol launch dialog
CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event
CVE-2022-22744: The ‘Copy as curl’ feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
CVE-2022-22752: Memory safety bugs
Vulnerabilities classified as low are:
CVE-2022-22747: Crash when handling empty pkcs7 sequence
CVE-2022-22736: Potential local privilege escalation when loading modules from the install directory
CVE-2022-22739: Missing throttling on external protocol launch dialog
All of these vulnerabilities can be patched by upgrading to Mozilla Firefox 96, Mozilla Firefox ESR 91.5, and Mozilla Thunderbird 91.5.
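The fixed versions above can be checked against an inventory of version banners. The following is an added example, not part of the original advisory; the banner format (such as `Mozilla Firefox 91.4.0esr`), the host names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed versions, taken from the advisory text above.
FIXED = {
    ("firefox", False): (96,),       # release channel
    ("firefox", True): (91, 5),      # ESR channel
    ("thunderbird", False): (91, 5),
}

# Assumed banner format: "[Mozilla ]<Product> <version>[esr]".
# The lookahead rejects suffixes we do not understand (e.g. beta "96.0b3").
BANNER = re.compile(
    r"(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?(?![\w.])",
    re.I,
)

def is_patched(banner):
    """Return True/False for a recognised banner, None if it needs manual review."""
    m = BANNER.search(banner)
    if not m:
        return None
    product = m.group(1).lower()
    version = tuple(int(p) for p in m.group(2).split("."))
    # Only Firefox has a separate ESR fix line in the advisory.
    esr = bool(m.group(3)) and product == "firefox"
    # Tuple comparison: (91, 5, 0) >= (91, 5) and (96, 0) >= (96,) are True.
    return version >= FIXED[(product, esr)]

def needs_upgrade(inventory):
    """Return hosts whose banner is below the fixed version or unrecognised."""
    return [host for host, banner in inventory if is_patched(banner) is not True]

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 95.0.2"),     # release, below 96
    ("ws-02", "Mozilla Firefox 96.0"),       # release, fixed
    ("ws-03", "Mozilla Firefox 91.4.0esr"),  # ESR, below 91.5
    ("ws-04", "Mozilla Firefox 91.5.0esr"),  # ESR, fixed although 91.5 < 96
    ("ws-05", "Mozilla Thunderbird 91.4.1"), # below 91.5
    ("ws-06", "Mozilla Firefox 96.0b3"),     # pre-release: flag for review
]

if __name__ == "__main__":
    print(needs_upgrade(SAMPLE))
```

The ESR case is the one that a plain "version >= 96" check gets wrong: 91.5.0esr is fixed, while a non-ESR build below 96 is not.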
Vulnerability Details