Mozilla Firefox patches multiple vulnerabilities

Threat Level – Amber | Vulnerability Report
For a detailed advisory, download the pdf file here.

Mozilla Firefox has released a major security update which patches 9 high, 6 moderate and 3 low impact vulnerabilities.

Vulnerabilities classified as high are:

CVE-2022-22746: Calling into reportValidity could have led to fullscreen window spoof
CVE-2022-22743: Browser window spoof using fullscreen mode
CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
CVE-2022-22741: Browser window spoof using fullscreen mode
CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
CVE-2022-22737: Race condition when playing audio files
CVE-2021-4140: Iframe sandbox bypass with XSLT
CVE-2022-22751: Memory safety bugs

Vulnerabilities classified as moderate are:

CVE-2022-22750: IPC passing of resource handles could have led to sandbox bypass
CVE-2022-22749: Lack of URL restrictions when scanning QR codes
CVE-2022-22748: Spoofed origin on external protocol launch dialog
CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event
CVE-2022-22744: The ‘Copy as curl’ feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
CVE-2022-22752: Memory safety bugs

Vulnerabilities classified as low are:

CVE-2022-22747: Crash when handling empty pkcs7 sequence
CVE-2022-22736: Potential local privilege escalation when loading modules from the install directory
CVE-2022-22739: Missing throttling on external protocol launch dialog

All of these vulnerabilities can be patched by upgrading to Mozilla Firefox 96, Mozilla Firefox ESR 91.5, and Mozilla Thunderbird 91.5.
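To check an inventory against the fixed versions listed above, the following added example (not part of the original advisory or any Mozilla or HivePro tooling) classifies `--version` output strings per channel. The inventory lines, host names and the assumed `--version` output formats (including the `esr` suffix) are constructed for illustration, and treating a beta build of the fixed version as unpatched is a conservative assumption made here.

```python
import re

# Fixed versions as stated in the advisory, keyed by channel.
FIXED = {"firefox": (96, 0), "firefox-esr": (91, 5), "thunderbird": (91, 5)}

# Assumed formats: "Mozilla Firefox 95.0.2", "Mozilla Firefox 91.5.0esr",
# "Thunderbird 91.4.1", "Mozilla Firefox 96.0b3".
_VERSION_RE = re.compile(
    r"^\s*(?:Mozilla\s+)?(?P<product>Firefox|Thunderbird)\s+"
    r"(?P<ver>\d+(?:\.\d+)*)(?P<pre>[ab]\d+)?(?P<esr>esr)?\s*$",
    re.IGNORECASE,
)

def classify(version_line):
    """Return (channel, version_text, patched) for one version string."""
    m = _VERSION_RE.match(version_line)
    if not m:
        raise ValueError(f"unrecognised version string: {version_line!r}")
    product = m.group("product").lower()
    # ESR must be compared against 91.5, not 96: 91.5.0esr is patched,
    # while a release-channel build numbered below 96 is not.
    channel = "firefox-esr" if product == "firefox" and m.group("esr") else product
    fixed = FIXED[channel]
    version = tuple(int(p) for p in m.group("ver").split("."))
    padded = version + (0,) * (len(fixed) - len(version))
    patched = padded >= fixed
    # Assumption: a beta of exactly the fixed version predates the release.
    if m.group("pre") and padded[: len(fixed)] == fixed:
        patched = False
    return channel, m.group("ver") + (m.group("pre") or ""), patched

def unpatched_hosts(inventory):
    """Return (host, channel, version) for each tab-separated line still exposed."""
    findings = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_line = line.partition("\t")
        channel, version, patched = classify(version_line)
        if not patched:
            findings.append((host, channel, version))
    return findings

# Constructed sample inventory: host<TAB>output of `<browser> --version`.
SAMPLE_INVENTORY = (
    "ws-01\tMozilla Firefox 95.0.2\nws-02\tMozilla Firefox 96.0\n"
    "ws-03\tMozilla Firefox 91.4.1esr\nws-04\tMozilla Firefox 91.5.0esr\n"
    "ws-05\tThunderbird 91.4.1\nws-06\tMozilla Thunderbird 91.5.0\n"
    "ws-07\tMozilla Firefox 96.0b3\n"
)

if __name__ == "__main__":
    for host, channel, version in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {channel} {version} is below the fixed version")
```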

Vulnerability Details
