Hey everyone,
Platform | CVE ID | Vulnerability | Impact |
Firefox 97 | CVE-2022-22753 | Privilege Escalation to SYSTEM on Windows via Maintenance Service | High |
Firefox 97 | CVE-2022-22754 | Extensions could have bypassed permission confirmation during update | High |
Firefox 97 | CVE-2022-22755 | XSL could have allowed JavaScript execution after a tab was closed | Moderate |
Firefox 97 | CVE-2022-22756 | Drag and dropping an image could have resulted in the dropped object being an executable | Moderate |
Firefox 97 | CVE-2022-22757 | Remote Agent did not prevent local websites from connecting | Moderate |
Firefox 97 | CVE-2022-22758 | tel: links could have sent USSD codes to the dialer on Firefox for Android | Moderate |
Firefox 97 | CVE-2022-22759 | Sandboxed iframes could have executed script if the parent appended elements | Moderate |
Firefox 97 | CVE-2022-22760 | Cross-Origin responses could be distinguished between script and non-script content-types | Moderate |
Firefox 97 | frame-ancestors Content Security Policy directive was not enforced for framed extension pages | Moderate | |
Firefox 97 | CVE-2022-22762 | JavaScript Dialogs could have been displayed over other domains on Firefox for Android | Low |
Firefox 97 | CVE-2022-0511 | Memory safety bugs fixed in Firefox 97 | High |
Firefox 97 and Firefox ESR 91.6 | CVE-2022-22764 | Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 | High |
Firefox ESR 91.6 | CVE-2022-22753 | Privilege Escalation to SYSTEM on Windows via Maintenance Service | High |
Firefox ESR 91.6 | CVE-2022-22754 | Extensions could have bypassed permission confirmation during update | High |
Firefox ESR 91.6 | CVE-2022-22756 | Drag and dropping an image could have resulted in the dropped object being an executable | Moderate |
Firefox ESR 91.6 | CVE-2022-22759 | Sandboxed iframes could have executed script if the parent appended elements | Moderate |
Firefox ESR 91.6 | CVE-2022-22760 | Cross-Origin responses could be distinguished between script and non-script content-types | Moderate |
Firefox ESR 91.6 | CVE-2022-22761 | frame-ancestors Content Security Policy directive was not enforced for framed extension pages | Moderate |
Firefox ESR 91.6 | CVE-2022-22763 | Script Execution during invalid object state | Moderate |
Patch ID | Bulletin ID | Patch Description |
323533 | TU-027 | Mozilla Firefox (x64) (97.0) |
323532 | TU-027 | Mozilla Firefox (97.0) |
323535 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.6.0) |
323534 | TU-054 | Mozilla Firefox ESR (91) (91.6.0) |
Cheers,