Hey everyone,
Mozilla has released fixes for several high-severity vulnerabilities in Firefox 99 and Firefox ESR 91.8. The details of the vulnerabilities fixed can be found below:

| CVE ID | Description | Severity |
| --- | --- | --- |
| CVE-2022-1097 (Firefox and Firefox ESR) | Use-after-free in NSSToken objects | High |
| CVE-2022-28281 (Firefox and Firefox ESR) | Out of bounds write due to unexpected WebAuthN Extensions | High |
| CVE-2022-28282 (Firefox and Firefox ESR) | Use-after-free in DocumentL10n::TranslateDocument | Moderate |
| CVE-2022-28283 (Firefox) | Missing security checks for fetching sourceMapURL | Moderate |
| CVE-2022-28284 (Firefox) | Script could be executed via svg's use element | Moderate |
| CVE-2022-28285 (Firefox and Firefox ESR) | Incorrect AliasSet used in JIT Codegen | Moderate |
| CVE-2022-28286 (Firefox and Firefox ESR) | iframe contents could be rendered outside the border | Low |
| CVE-2022-28287 | Text Selection could crash Firefox | Low |
| CVE-2022-24713 | Denial of Service via complex regular expressions | Low |
| CVE-2022-28289 | Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 | High |
| CVE-2022-28288 | Memory safety bugs fixed in Firefox 99 | Moderate |
| CVE-2022-1196 (Firefox ESR) | Use-after-free after VR Process destruction | Moderate |

* Products affected by the bugs are mentioned in brackets.
To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description |
| --- | --- | --- |
| 324360 | TU-027 | Mozilla Firefox (x64) (99.0) |
| 324359 | TU-027 | Mozilla Firefox (99.0) |

| Patch ID | Bulletin ID | Patch Description |
| --- | --- | --- |
| 324362 | TU-054 | Mozilla Firefox ESR (91) (x64) (91.8.0) for Windows |
| 324361 | TU-054 | Mozilla Firefox ESR (91) (91.8.0) for Windows |