Mozilla fixes several high severity vulnerabilities in Firefox 101 and Firefox ESR 91.10

Hey everyone,

 

Mozilla has released fixes for several high-severity vulnerabilities in Firefox 101 and Firefox ESR 91.10. The details of the vulnerabilities fixed can be found below:

| CVE ID | Description | Severity |
| --- | --- | --- |
| CVE-2022-21736 (Firefox and Firefox ESR 91.10) | Cross-Origin resource's length leaked | High |
| CVE-2022-21737 (Firefox and Firefox ESR 91.10) | Heap buffer overflow in WebGL | High |
| CVE-2022-21738 (Firefox and Firefox ESR 91.10) | Browser window spoof using fullscreen mode | High |
| CVE-2022-21739 (Firefox and Firefox ESR 91.10) | Attacker-influenced path traversal when saving downloaded files | High |
| CVE-2022-21740 (Firefox and Firefox ESR 91.10) | Register allocation problem in WASM on arm64 | High |
| CVE-2022-21741 (Firefox and Firefox ESR 91.10) | Uninitialized variable leads to invalid memory read | High |
| CVE-2022-21742 (Firefox and Firefox ESR 91.10) | Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information | High |
| CVE-2022-21743 (Firefox) | HTML Parsing incorrectly ended HTML comments prematurely | High |
| CVE-2022-21744 (Firefox) | CSP bypass enabling stylesheet injection | Moderate |
| CVE-2022-21745 (Firefox) | Incorrect Assertion caused by unoptimized array shift operations | Moderate |
| CVE-2022-1919 (Firefox) | Memory Corruption when manipulating webp images | Low |
| CVE-2022-21747 (Firefox and Firefox ESR 91.10) | Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 | High |
| CVE-2022-21748 (Firefox) | Memory safety bugs fixed in Firefox 101 | High |


* Products affected by the bugs are mentioned in brackets.

 

To install these patches, initiate a sync between the Central Patch Repository and the Endpoint Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.


Firefox 101

| Patch ID | Bulletin ID | Patch Description |
| --- | --- | --- |
| 325104 | TU-027 | Mozilla Firefox (x64) (101.0) |
| 325103 | TU-027 | Mozilla Firefox (101.0) |
| 603863 | MAC-006 | Mozilla Firefox For Mac (101.0) |

Firefox ESR 91.10

| Patch ID | Bulletin ID | Patch Description |
| --- | --- | --- |
| 325106 | TU-027 | Mozilla Firefox ESR (91) (x64) (91.10.0) |
| 325105 | TU-027 | Mozilla Firefox ESR (91) (91.10.0) |
| 603863 | MAC-111 | Mozilla Firefox ESR for MAC 91.10.0 |


Cheers,
The ManageEngine Team