Mozilla fixes several high severity vulnerabilities in Firefox, Firefox ESR and Thunderbird

Mozilla fixes several high severity vulnerabilities in Firefox, Firefox ESR and Thunderbird

Hey everyone,

 

Mozilla has released fixes for several high-severity vulnerabilities in Firefox 105.0, Firefox ESR 102.3.0 and Thunderbird 102.3.0. The details of the vulnerabilities fixed can be found below:


CVE ID
 Description 
 Severity


CVE-2022-40959

(Firefox, Firefox ESR and Thunderbird)

Bypassing FeaturePolicy restrictions on transient pages
High


CVE-2022-40960

(Firefox, Firefox ESR and Thunderbird)

   Data-race when parsing non-UTF-8 URLs
in threads
High


CVE-2022-40958

(Firefox, Firefox ESR and Thunderbird)

Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
Moderate


CVE-2022-40961
(Firefox)

Stack-buffer overflow when initializing Graphics  
Moderate


CVE-2022-40956

(Firefox, Firefox ESR and Thunderbird)

Content-Security-Policy base-uri bypass  
Low


CVE-2022-40957

(Firefox, Firefox ESR and Thunderbird)

Incoherent instruction cache when building WASM on ARM64
Low


CVE-2022-40962

(Firefox, Firefox ESR and Thunderbird)

Memory safety bugs fixed in Firefox 105
and Firefox ESR 102.3
High


CVE-2022-3155
(Thunderbird)

Attachment files saved to disk on macOS could be executed without warning
Low

* Products affected by the bugs are mentioned in brackets.

 

To install these patches, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

Firefox 105.0

Patch ID
Bulletin ID
Patch description 
326699
TU-027
Mozilla Firefox (x64) (105.0)
326698
TU-027
Mozilla Firefox (105.0)

Firefox ESR 102.3.0

Patch ID
Bulletin ID
Patch description
326701
TU-054
Mozilla Firefox ESR (102) (x64) (102.3.0)
326700
TU-054
Mozilla Firefox ESR (102) (102.3.0)

Thunderbird 102.3.0

Patch ID
Bulletin ID
Patch description 
326703
TU-028
Mozilla Thunderbird (102) (x64) (102.3.0) 
326702
TU-028
Mozilla Thunderbird (102) (102.3.0)

Cheers,

The ManageEngine Team


      New to ADSelfService Plus?

        Resources

                Related Products