Mozilla fixes several high severity vulnerabilities in Firefox 101 and Firefox ESR 91.10
Hey everyone,
Mozilla has released fixes for several high-severity vulnerabilities in Firefox 101 and Firefox ESR 91.10. The details of the vulnerabilities fixed can be found below:
CVE ID | Description | Severity |
CVE-2022-21736 (Firefox and Firefox ESR 91.10) | Cross-Origin resource's length leaked | High |
CVE-2022-21737 (Firefox and Firefox ESR 91.10) | Heap buffer overflow in WebGL | High |
CVE-2022-21738 (Firefox and Firefox ESR 91.10) | Browser window spoof using fullscreen mode | High |
CVE-2022-21739 (Firefox and Firefox ESR 91.10) | Attacker-influenced path traversal when saving downloaded files | High |
CVE-2022-21740 (Firefox and Firefox ESR 91.10) | Register allocation problem in WASM on arm64 | High |
CVE-2022-21741 (Firefox and Firefox ESR 91.10) | Uninitialized variable leads to invalid memory read | High |
CVE-2022-21742 (Firefox and Firefox ESR 91.10) | Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information | High |
CVE-2022-21743 (Firefox) | HTML Parsing incorrectly ended HTML comments prematurely | High |
CVE-2022-21744 (Firefox) | CSP bypass enabling stylesheet injection | Moderate |
CVE-2022-21745 (Firefox) | Incorrect Assertion caused by unoptimized array shift operations | Moderate |
CVE-2022-1919 (Firefox) | Memory Corruption when manipulating webp images | Low |
CVE-2022-21747 (Firefox and Firefox ESR 91.10) | Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 | High |
CVE-2022-21748 (Firefox) | Memory safety bugs fixed in Firefox 101 | High |
* Products affected by the bugs are mentioned in brackets.
To install these patches, initiate a sync between the Central Patch Repository and the Endpoint Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
Firefox 101
Patch ID | Bulletin ID | Patch Description |
325104 | TU-027 | Mozilla Firefox (x64) (101.0) |
325103 | TU-027 | Mozilla Firefox (101.0) |
603863 | MAC-006 | Mozilla Firefox For Mac (101.0) |
Firefox ESR 91.10
Patch ID | Bulletin ID | Patch Description |
325106 | TU-027 | Mozilla Firefox ESR (91) (x64) (91.10.0) |
325105 | TU-027 | Mozilla Firefox ESR (91) (91.10.0) |
603863 | MAC-111 | Mozilla Firefox ESR for MAC 91.10.0 |
Cheers,
The ManageEngine Team