Mozilla Patches High-Risk Vulnerabilities in Firefox and Thunderbird

Mozilla has released security updates for Firefox, Firefox ESR, and the Thunderbird mail client. The updates fix 18 vulnerabilities in Firefox, 14 in Firefox ESR, and 14 in Thunderbird. The advisories for these products are rated high severity. Most of these vulnerabilities could lead to race conditions, fullscreen access, out-of-bounds memory access, use-after-free, heap buffer overflow, or iframe sandbox bypass with XSLT.

Of these vulnerabilities, the most severe is a race condition tracked as CVE-2022-22746. It only affects Firefox on Windows operating systems. A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof going unnoticed. Another vulnerability, tracked as CVE-2022-22743, is a fullscreen spoof in the Firefox browser window. It can allow an attacker-controlled tab to prevent the browser from leaving fullscreen mode when the user navigates from inside an iframe. A third vulnerability, tracked as CVE-2022-22742, is an out-of-bounds memory access leading to a potentially exploitable crash.


Mozilla Security Updates Summary for January 2022

Product: Mozilla Firefox
Advisory/CVEs: MFSA2022-01, CVE-2022-22746, CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740, CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22750, CVE-2022-22749, CVE-2022-22748, CVE-2022-22745, CVE-2022-22744, CVE-2022-22747, CVE-2022-22736, CVE-2022-22739, CVE-2022-22751, CVE-2022-22752
Severity: High
Impact: Race condition, Fullscreen access, Out-of-bounds memory access, Use-after-free, Heap buffer overflow, Iframe sandbox bypass with XSLT.


Product: Mozilla Firefox ESR
Advisory/CVEs: MFSA2022-02, CVE-2022-22746, CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740, CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22748, CVE-2022-22745, CVE-2022-22744, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751
Severity: High
Impact: Race condition, Fullscreen access, Out-of-bounds memory access, Use-after-free, Heap buffer overflow, Iframe sandbox bypass with XSLT.


Product: Mozilla Thunderbird
Advisory/CVEs: MFSA2022-02, CVE-2022-22746, CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740, CVE-2022-22738, CVE-2022-22737, CVE-2022-22748, CVE-2022-22745, CVE-2022-22744, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751
Severity: High
Impact: Race condition, Fullscreen access, Out-of-bounds memory access, Use-after-free, Heap buffer overflow, Iframe sandbox bypass with XSLT.


Affected Products:

Mozilla Firefox below 96.0
Mozilla Firefox ESR below 91.5
Mozilla Thunderbird below 91.5


Solution:

Mozilla Firefox 96.0
Mozilla Firefox ESR 91.5
Mozilla Thunderbird 91.5
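
One way to check collected version banners against the fixed versions listed above; this is an added example, not part of the original advisory. It assumes banners in the form printed by `firefox --version` or `thunderbird --version` (for example `Mozilla Firefox 91.4.1esr`), and the `classify` helper and the sample banners are constructed for illustration. The ESR suffix matters: an ESR build must be compared against 91.5, not against the release-channel fix 96.0.

```python
import re

# Fixed versions taken from the "Solution" list in the advisory summary.
FIXED = {
    "firefox": (96, 0),
    "firefox-esr": (91, 5),
    "thunderbird": (91, 5),
}

# Assumed banner shape: product name, dotted version, optional suffix
# ("esr" for Extended Support Release, "b"/"a" for pre-release builds).
BANNER = re.compile(r"(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)([a-z]*)", re.I)


def classify(banner):
    """Return (product, version_tuple, status) for one version banner."""
    m = BANNER.search(banner)
    if not m:
        return (None, None, "unknown")
    name, suffix = m.group(1).lower(), m.group(3).lower()
    version = tuple(int(p) for p in m.group(2).split("."))
    # Firefox ESR has its own fixed version, so pick the channel first.
    product = "firefox-esr" if (name, suffix) == ("firefox", "esr") else name
    if suffix not in ("", "esr"):
        # Pre-release build (e.g. 96.0b3): numeric comparison is unreliable.
        return (product, version, "review")
    fixed = FIXED[product]
    # Pad both tuples so "96" and "96.0.0" compare equal to (96, 0).
    width = max(len(version), len(fixed))
    v = version + (0,) * (width - len(version))
    f = fixed + (0,) * (width - len(fixed))
    return (product, version, "patched" if v >= f else "vulnerable")


if __name__ == "__main__":
    # Constructed sample banners, not output captured from real hosts.
    samples = [
        "Mozilla Firefox 95.0.2",
        "Mozilla Firefox 96.0",
        "Mozilla Firefox 91.4.1esr",
        "Mozilla Firefox 91.5.0esr",
        " Thunderbird 91.4.1",
        "Mozilla Firefox 96.0b3",
    ]
    for s in samples:
        print(f"{s.strip():32} -> {classify(s)}")
```
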


SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and keep your systems updated and secure.
