History: Mar 14, 2022 - 12:00 a.m.

ROS-20220314-01

2022-03-14 00:00:00
redos.red-soft.ru
CVSS3: 9.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 6.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.008 Low
Percentile: 81.1%

Vulnerability in the Mozilla Firefox browser, related to a logic error in iframe processing. Exploitation of the vulnerability could allow a remote attacker who is able to control the contents of an iframe sandboxed with allow-popups but not allow-scripts to create a link that, when clicked, would cause JavaScript to execute in violation of the sandbox.

Vulnerability in the Mozilla Firefox browser, due to the fact that the browser stores files in the /tmp folder, which is accessible to all local users. Exploitation of the vulnerability could allow an attacker to read files from this folder and gain access to potentially sensitive information.

Vulnerability in the Mozilla Firefox browser, related to a bug when resizing a pop-up window after a full-screen access request. Exploitation of the vulnerability could allow a remote attacker to prevent the full-screen notification from being displayed and perform a spoofing attack.

Vulnerability in the Mozilla Firefox browser, related to a use-after-free error in HTML content processing. Exploitation of the vulnerability could allow a remote attacker to trigger a use-after-free by forcing text to be reformatted in an SVG object and to execute arbitrary code on the system.

Vulnerability in the Mozilla Firefox browser, related to a race condition in signature verification during installation of a Firefox add-on. Exploitation of the vulnerability could allow a remote attacker to replace the add-on's underlying file while the user is confirming the prompt, and to install a malicious add-on on the system.

OS      Version   Architecture   Package   Version        Filename
redos   7.3       x86_64         firefox   <= 91.7.0-1    UNKNOWN
