Mozilla fixes several high severity vulnerabilities in Firefox 98, Firefox ESR 91.7 and Thunderbird 91.7

Hey everyone,

 

Mozilla has released fixes for several high-severity vulnerabilities in Firefox 98, Firefox ESR 91.7 and Thunderbird 91.7. The details of the vulnerabilities fixed can be found below:

| CVE ID | Description | Impact |
|---|---|---|
| CVE-2022-26383 (Firefox, Firefox ESR and Thunderbird) | Browser window spoof using fullscreen mode | High |
| CVE-2022-26384 (Firefox, Firefox ESR and Thunderbird) | iframe allow-scripts sandbox bypass | High |
| CVE-2022-26387 (Firefox, Firefox ESR and Thunderbird) | Time-of-check time-of-use bug when verifying add-on signatures | High |
| CVE-2022-26381 (Firefox, Firefox ESR and Thunderbird) | Use-after-free in text reflows | High |
| CVE-2022-26382 (Firefox) | Autofill Text could be exfiltrated via side-channel attacks | Moderate |
| CVE-2022-26385 (Firefox) | Use-after-free in thread shutdown | Moderate |
| CVE-2022-0843 (Firefox) | Memory safety bugs fixed in Firefox 98 | Moderate |
| CVE-2022-26386 (Firefox ESR and Thunderbird for macOS and Linux) | Temporary files downloaded to /tmp and accessible by other local users | Low |

* Products affected by the bugs are mentioned in brackets.

To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Firefox 98

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 323890 | TU-027 | Mozilla Firefox (x64) (98.0) for Windows |
| 323889 | TU-027 | Mozilla Firefox (98.0) for Windows |
| 603660 | MAC-006 | Mozilla Firefox For Mac (98.0) |

 

Firefox ESR 91.7

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 323892 | TU-027 | Mozilla Firefox ESR (x64) (91.7) for Windows |
| 323891 | TU-027 | Mozilla Firefox ESR (91.7) for Windows |
| 603661 | MAC-111 | Mozilla Firefox ESR for MAC 91.7 |
| 803108 | DSA-5097-1 | Mozilla Firefox ESR Security Update (x64) for Linux (Debian) |
| 803109 | DSA-5097-1 | Mozilla Firefox ESR Security Update for Linux (Debian) |

 

Continued in the comments...