Mozilla fixes several high severity vulnerabilities in Firefox 99 and Firefox ESR 91.8

Mozilla fixes several high severity vulnerabilities in Firefox 99 and Firefox ESR 91.8

Hey everyone,

 

Mozilla has released fixes for several high-severity vulnerabilities in Firefox 99 and Firefox ESR 91.8. The details of the vulnerabilities fixed can be found below:

CVE ID
Description 
Severity
CVE-2022-1097
(Firefox and Firefox ESR)
Use-after-free in NSSToken objects
High
CVE-2022-28281
(Firefox and Firefox ESR)

Out of bounds write due to unexpected WebAuthN Extensions  

High
CVE-2022-28282
(Firefox and Firefox ESR)

Use-after-free in DocumentL10n::TranslateDocument  

Moderate
CVE-2022-28283
(Firefox)
Missing security checks for fetching sourceMapURL  
Moderate
CVE-2022-28284
(Firefox)
Script could be executed via svg's use element  
Moderate
CVE-2022-28285
(Firefox and Firefox ESR)
Incorrect AliasSet used in JIT Codegen  
Moderate

CVE-2022-28286

(Firefox and Firefox ESR)
iframe contents could be rendered outside the border  
Low

CVE-2022-28287
(Firefox)

Text Selection could crash Firefox  
Low

CVE-2022-24713
(Firefox and Firefox ESR)

Denial of Service via complex regular expressions  
Low

CVE-2022-28289
(Firefox and Firefox ESR)

Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8  
High

CVE-2022-28288
(Firefox)

Memory safety bugs fixed in Firefox 99  
Moderate

CVE-2022-1196

(Firefox ESR)

Use-after-free after VR Process destruction  
Moderate

* Products affected by the bugs are mentioned in brackets.

 

To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.


Firefox 99

Patch ID
Bulletin ID Patch Description
324360

TU-027

Mozilla Firefox (x64) (99.0)
324359
TU-027
Mozilla Firefox (99.0)

Firefox ESR 91.8

Patch ID
Bulletin ID Patch Description
324362

TU-054

Mozilla Firefox ESR (91) (x64) (91.8.0) for Windows
324361
TU-054
Mozilla Firefox ESR (91) (91.8.0) for Windows

Cheers, 
The ManageEngine Team