Mozilla releases security updates for Firefox (107.0), Firefox ESR (102.5.0) and Thunderbird (102.5.0)

Hello everyone,

Mozilla has fixed several high-severity security vulnerabilities in Firefox (107.0), Firefox ESR (102.5.0) and Thunderbird (102.5.0). The details of the vulnerabilities fixed are as follows:

| Platform | CVE ID | Vulnerability | Impact |
|---|---|---|---|
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45403 | Service Workers might have learned size of cross-origin media files | High |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45404 | Fullscreen notification bypass | High |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45405 | Use-after-free in InputStream implementation | High |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45406 | Use-after-free of a JavaScript Realm | High |
| Firefox 107 | CVE-2022-45407 | Loading fonts on workers was not thread-safe | High |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45408 | Fullscreen notification bypass via windowName | High |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45409 | Use-after-free in Garbage Collection | High |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45410 | ServiceWorker-intercepted requests bypassed SameSite cookie policy | Moderate |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45411 | Cross-Site Tracing was possible via non-standard override headers | Moderate |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45412 | Symlinks may resolve to partially uninitialized buffers | Moderate |
| Firefox 107 | CVE-2022-45413 | SameSite=Strict cookies could have been sent cross-site via intent URLs | Moderate |
| Firefox 107 | CVE-2022-40674 | Use-after-free vulnerability in expat | Moderate |
| Firefox 107 | CVE-2022-45415 | Downloaded file may have been saved with malicious extension | Moderate |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45416 | Keystroke Side-Channel Leakage | Moderate |
| Firefox 107 | CVE-2022-45417 | Service Workers in Private Browsing Mode may have been written to disk | Moderate |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45418 | Custom mouse cursor could have been drawn over browser UI | Moderate |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45419 | Deleting a security exception did not take effect immediately | Low |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45420 | Iframe contents could be rendered outside the iframe | Low |
| Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45421 | Memory safety bugs fixed in Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | High |

To install this update on your machines, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once the sync is complete, search for the following Patch IDs or Bulletin ID and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch description |
|---|---|---|
| 327627 | TU-028 | Mozilla Thunderbird 102 (x64) (102.5.0) |
| 327626 | TU-028 | Mozilla Thunderbird 102 (102.5.0) |
| 327616 | TU-027 | Mozilla Firefox (x64) (107.0) |
| 327615 | TU-027 | Mozilla Firefox (107.0) |
| 327618 | TU-054 | Mozilla Firefox ESR (102) (x64) (102.5.0) |
| 327617 | TU-054 | Mozilla Firefox ESR (102) (102.5.0) |
| 604457 | MAC-007 | Mozilla Thunderbird For Mac (102.5.0) |
| 604456 | MAC-006 | Mozilla Firefox For Mac (107.0) |
| 604455 | MAC-111 | Mozilla Firefox ESR for MAC 102.5.0 |

Cheers,
The ManageEngine Team


