Lucene search

K
hivepro
Hive ProHIVEPRO:779E466407116476EB2306CE9BFC2CEB
HistoryJan 12, 2022 - 7:57 a.m.

Mozilla Firefox patches multiple vulnerabilities

2022-01-1207:57:08
Hive Pro
www.hivepro.com
42

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Mozilla Firefox has released a major security update which patches 9 high, 6 moderate and 3 low impact vulnerabilities. Vulnerabilities classified as high are: CVE-2022-22746: Callnnto reportValdty could ave lead to fullscreen wndow spoof CVE-2022-22743: Browser wndow spoof usnfullscreen mode CVE-2022-22742: Out-of-bounds memory access wen nsertntext n edt mode CVE-2022-22741: Browser wndow spoof usnfullscreen mode CVE-2022-22740: Use-after-free of CannelEventQueue::mOwner CVE-2022-22738: eap-buffer-overflow n blendaussanBlur CVE-2022-22737: Race condton wen playnaudo fles CVE-2021-4140 : frame sandbox bypass wtXSLT CVE-2022-22751: Memory safety bus Vulnerabilities classified as moderate are: CVE-2022-22750:IPC passing of resource handles could have lead to sandbox bypass CVE-2022-22749:Lack of URL restrictions when scanning QR codes CVE-2022-22748:Spoofed origin on external protocol launch dialog CVE-2022-22745:Leaking cross-origin URLs through securitypolicyviolation event CVE-2022-22744:The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection CVE-2022-22752:Memory safety bugs Vulnerabilities classified as low are: CVE-2022-22747: Crash when handling empty pkcs7 sequence CVE-2022-22736: Potential local privilege escalation when loading modules from the install directory. CVE-2022-22739: Missing throttling on external protocol launch dialog All these vulnerability can be patched by upgrading to Mozilla Firefox 96, Mozilla Firefox ESR 91.5, and Mozilla Thunderbird 91.5 Vulnerabiliy Details References https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/ https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/mozilla-releases-security-updates-firefox-firefox-esr-and

Be first who know about 0-days in popular software

Do not waste time on finding information in tons of articles. Subscribe yourself and your colleagues on news and articles about products you need and you use!

Subscribe on news
Related for HIVEPRO:779E466407116476EB2306CE9BFC2CEB