Source: Hive Pro (hivepro), ID HIVEPRO:779E466407116476EB2306CE9BFC2CEB
History: Jan 12, 2022 - 7:57 a.m.

Mozilla Firefox patches multiple vulnerabilities

2022-01-12 07:57:08
Hive Pro
www.hivepro.com

THREAT LEVEL: Amber.

For a detailed advisory, download the pdf file here.

Mozilla Firefox has released a major security update which patches 9 high, 6 moderate and 3 low impact vulnerabilities.

Vulnerabilities classified as high are:

- CVE-2022-22746: Calling into reportValidity could have led to fullscreen window spoof
- CVE-2022-22743: Browser window spoof using fullscreen mode
- CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
- CVE-2022-22741: Browser window spoof using fullscreen mode
- CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
- CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
- CVE-2022-22737: Race condition when playing audio files
- CVE-2021-4140: Iframe sandbox bypass with XSLT
- CVE-2022-22751: Memory safety bugs

Vulnerabilities classified as moderate are:

- CVE-2022-22750: IPC passing of resource handles could have led to sandbox bypass
- CVE-2022-22749: Lack of URL restrictions when scanning QR codes
- CVE-2022-22748: Spoofed origin on external protocol launch dialog
- CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event
- CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
- CVE-2022-22752: Memory safety bugs

Vulnerabilities classified as low are:

- CVE-2022-22747: Crash when handling empty pkcs7 sequence
- CVE-2022-22736: Potential local privilege escalation when loading modules from the install directory
- CVE-2022-22739: Missing throttling on external protocol launch dialog

All these vulnerabilities can be patched by upgrading to Mozilla Firefox 96, Mozilla Firefox ESR 91.5, and Mozilla Thunderbird 91.5.

Vulnerability Details

References

https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/mozilla-releases-security-updates-firefox-firefox-esr-and
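To check an inventory against the fixed versions named in the advisory above (Firefox 96, Firefox ESR 91.5, Thunderbird 91.5), the following is an added example, not part of the Hive Pro advisory or any Mozilla tooling. It assumes version banners of the form "Mozilla Firefox 91.4.1esr", where the "esr" suffix marks the ESR channel; the function names, hostnames and sample banners are constructed for illustration.

```python
import re

# Fixed versions as stated in the advisory above (major, minor).
FIXED = {
    "firefox": (96, 0),
    "firefox-esr": (91, 5),
    "thunderbird": (91, 5),
}

# Matches banners such as "Mozilla Firefox 91.4.1esr" or "Thunderbird 91.4.0".
BANNER = re.compile(
    r"\b(?P<product>Firefox|Thunderbird)\s+(?P<ver>\d+(?:\.\d+)*)(?P<esr>esr)?",
    re.IGNORECASE,
)

def classify(banner):
    """Return (channel, version_tuple, patched), or None if not recognised."""
    m = BANNER.search(banner)
    if not m:
        return None
    product = m.group("product").lower()
    # Without the "esr" suffix, a Firefox 91.x is a release build and must be
    # compared against 96, not against the ESR fix 91.5.
    channel = "firefox-esr" if product == "firefox" and m.group("esr") else product
    version = tuple(int(p) for p in m.group("ver").split("."))
    # Compare major.minor only; pad so that a bare "96" is treated as 96.0.
    patched = (version + (0,))[:2] >= FIXED[channel]
    return channel, version, patched

def unpatched_hosts(inventory):
    """inventory: iterable of (host, banner). Returns hosts below the fix."""
    flagged = []
    for host, banner in inventory:
        result = classify(banner)
        if result and not result[2]:
            flagged.append((host, result[0], ".".join(map(str, result[1]))))
    return flagged

# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 95.0.2"),
    ("ws-02", "Mozilla Firefox 96.0"),
    ("ws-03", "Mozilla Firefox 91.4.1esr"),
    ("ws-04", "Mozilla Firefox 91.5.0esr"),
    ("ws-05", "Mozilla Firefox 91.0.2"),
    ("ws-06", "Thunderbird 91.4.0"),
]
```

Calling `unpatched_hosts(SAMPLE)` flags ws-01, ws-03, ws-05 and ws-06; ws-05 shows why the channel matters, since a non-ESR 91.x build is below the release fix even though its number looks close to 91.5.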