Mozilla fixes several high severity vulnerabilities in Firefox 100 and Firefox ESR 91.9
Hey everyone,
Mozilla has released fixes for several high-severity vulnerabilities in Firefox 100 and Firefox ESR 91.9. The details of the vulnerabilities fixed can be found below:
CVE ID | Description | Severity |
CVE-2022-29914 (Firefox and Firefox ESR) | Fullscreen notification bypass using popups | High |
CVE-2022-29909 (Firefox and Firefox ESR) | Bypassing permission prompt in nested browsing contexts | High |
CVE-2022-29916 (Firefox and Firefox ESR) | Leaking browser history with CSS variables | High |
CVE-2022-29911 (Firefox and Firefox ESR) | iframe Sandbox bypass | High |
CVE-2022-29912 (Firefox and Firefox ESR) | Reader mode bypassed SameSite cookies | Moderate |
CVE-2022-29910 (Firefox) | Firefox for Android forgot HTTP Strict Transport Security settings | Moderate |
CVE-2022-29915 (Firefox) | Leaking cross-origin redirect through the Performance API | Low |
CVE-2022-29917 (Firefox and Firefox ESR) | Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 | High |
CVE-2022-29918 (Firefox) | Memory safety bugs fixed in Firefox 100 | High |
* Products affected by the bugs are mentioned in brackets.
To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
Firefox 100
Patch ID | Bulletin ID | Patch description |
324736 | TU-027 | Mozilla Firefox (x64) (100.0) |
324735 | TU-027 | Mozilla Firefox (100.0) |
Firefox ESR 91.9
Patch ID | Bulletin ID | Patch description |
| 324738 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.9.0) for Windows |
| 324737 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.9.0) for Windows |
Cheers,
The ManageEngine Team