Mozilla fixes several high severity vulnerabilities in Firefox 99 and Firefox ESR 91.8

Hey everyone,

Mozilla has released fixes for several high-severity vulnerabilities in Firefox 99 and Firefox ESR 91.8. The details of the vulnerabilities fixed can be found below:

CVE ID	Description	Severity
CVE-2022-1097 (Firefox and Firefox ESR)	Use-after-free in NSSToken objects	High
CVE-2022-28281 (Firefox and Firefox ESR)	Out of bounds write due to unexpected WebAuthN Extensions	High
CVE-2022-28282 (Firefox and Firefox ESR)	Use-after-free in DocumentL10n::TranslateDocument	Moderate
CVE-2022-28283 (Firefox)	Missing security checks for fetching sourceMapURL	Moderate
CVE-2022-28284 (Firefox)	Script could be executed via svg's use element	Moderate
CVE-2022-28285 (Firefox and Firefox ESR)	Incorrect AliasSet used in JIT Codegen	Moderate
CVE-2022-28286 (Firefox and Firefox ESR)	iframe contents could be rendered outside the border	Low
CVE-2022-28287 (Firefox)	Text Selection could crash Firefox	Low
CVE-2022-24713 (Firefox and Firefox ESR)	Denial of Service via complex regular expressions	Low
CVE-2022-28289 (Firefox and Firefox ESR)	Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8	High
CVE-2022-28288 (Firefox)	Memory safety bugs fixed in Firefox 99	Moderate
CVE-2022-1196 (Firefox ESR)	Use-after-free after VR Process destruction	Moderate

* Products affected by the bugs are mentioned in brackets.

To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Firefox 99

Patch ID	Bulletin ID	Patch Description
324360	TU-027	Mozilla Firefox (x64) (99.0)
324359	TU-027	Mozilla Firefox (99.0)

Firefox ESR 91.8

Patch ID	Bulletin ID	Patch Description
324362	TU-054	Mozilla Firefox ESR (91) (x64) (91.8.0) for Windows
324361	TU-054	Mozilla Firefox ESR (91) (91.8.0) for Windows