Hey everyone,

| CVE ID | Description | Severity |
| --- | --- | --- |
|  | Bypassing FeaturePolicy restrictions on transient pages | High |
|  | Data-race when parsing non-UTF-8 URLs in threads | High |
|  | Bypassing Secure Context restriction for cookies with __Host and __Secure prefix | Moderate |
|  | Stack-buffer overflow when initializing Graphics | Moderate |
|  | Content-Security-Policy base-uri bypass | Low |
|  | Incoherent instruction cache when building WASM on ARM64 | Low |
|  | Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 | High |
|  | Attachment files saved to disk on macOS could be executed without warning | Low |

* Products affected by the bugs are mentioned in brackets.

| Patch ID | Bulletin ID | Patch description |
| --- | --- | --- |
| 326699 | TU-027 | Mozilla Firefox (x64) (105.0) |
| 326698 | TU-027 | Mozilla Firefox (105.0) |

| Patch ID | Bulletin ID | Patch description |
| --- | --- | --- |
| 326701 | TU-054 | Mozilla Firefox ESR (102) (x64) (102.3.0) |
| 326700 | TU-054 | Mozilla Firefox ESR (102) (102.3.0) |

| Patch ID | Bulletin ID | Patch description |
| --- | --- | --- |
| 326703 | TU-028 | Mozilla Thunderbird (102) (x64) (102.3.0) |
| 326702 | TU-028 | Mozilla Thunderbird (102) (102.3.0) |

Cheers,