Mozilla fixes several high severity vulnerabilities in Firefox 100 and Firefox ESR 91.9

Mozilla fixes several high severity vulnerabilities in Firefox 100 and Firefox ESR 91.9

Hey everyone,

 

Mozilla has released fixes for several high-severity vulnerabilities in Firefox 100 and Firefox ESR 91.9. The details of the vulnerabilities fixed can be found below:

CVE ID  
Description 
Severity
CVE-2022-29914
(Firefox and Firefox ESR)
Fullscreen notification bypass using popups  
High
CVE-2022-29909
(Firefox and Firefox ESR)
Bypassing permission prompt in nested browsing contexts  
High
CVE-2022-29916
(Firefox and Firefox ESR)

Leaking browser history with CSS variables  

High
CVE-2022-29911
(Firefox and Firefox ESR)
iframe Sandbox bypass  
High
CVE-2022-29912
(Firefox and Firefox ESR)
Reader mode bypassed SameSite cookies
Moderate
CVE-2022-29910
(Firefox)
Firefox for Android forgot HTTP Strict Transport Security settings  
Moderate
CVE-2022-29915
(Firefox)
Leaking cross-origin redirect through the Performance API  
Low
CVE-2022-29917
(Firefox and Firefox ESR)
Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9  
High
CVE-2022-29918
(Firefox)
Memory safety bugs fixed in Firefox 100  
High

* Products affected by the bugs are mentioned in brackets.

 

To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Firefox 100

Patch ID 
Bulletin ID 
Patch description
324736
TU-027
Mozilla Firefox (x64) (100.0)
324735
TU-027
Mozilla Firefox (100.0)

Firefox ESR 91.9

Patch ID 
Bulletin ID 
Patch description
324738TU-054Mozilla Firefox ESR (91) (x64) (91.9.0) for Windows
324737TU-054Mozilla Firefox ESR (91) (x64) (91.9.0) for Windows



Cheers,

The ManageEngine Team


                New to ADSelfService Plus?