Hello everyone,

Platform | CVE ID | Vulnerability | Impact |
--- | --- | --- | --- |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45403 | Service Workers might have learned size of cross-origin media files | High |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45404 | Fullscreen notification bypass | High |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45405 | Use-after-free in InputStream implementation | High |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45406 | Use-after-free of a JavaScript Realm | High |
Firefox 107 | CVE-2022-45407 | Loading fonts on workers was not thread-safe | High |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45408 | Fullscreen notification bypass via windowName | High |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45409 | Use-after-free in Garbage Collection | High |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45410 | ServiceWorker-intercepted requests bypassed SameSite cookie policy | Moderate |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45411 | Cross-Site Tracing was possible via non-standard override headers | Moderate |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45412 | Symlinks may resolve to partially uninitialized buffers | Moderate |
Firefox 107 | CVE-2022-45413 | SameSite=Strict cookies could have been sent cross-site via intent URLs | Moderate |
Firefox 107 | CVE-2022-40674 | Use-after-free vulnerability in expat | Moderate |
Firefox 107 | CVE-2022-45415 | Downloaded file may have been saved with malicious extension | Moderate |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45416 | Keystroke Side-Channel Leakage | Moderate |
Firefox 107 | CVE-2022-45417 | Service Workers in Private Browsing Mode may have been written to disk | Moderate |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45418 | Custom mouse cursor could have been drawn over browser UI | Moderate |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45419 | Deleting a security exception did not take effect immediately | Low |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45420 | Iframe contents could be rendered outside the iframe | Low |
Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | CVE-2022-45421 | Memory safety bugs fixed in Firefox 107, Firefox ESR 102.5 and Thunderbird 102.5 | High |

Patch ID | Bulletin ID | Patch description |
--- | --- | --- |
327627 | TU-028 | Mozilla Thunderbird 102 (x64) (102.5.0) |
327626 | TU-028 | Mozilla Thunderbird 102 (102.5.0) |
327616 | TU-027 | Mozilla Firefox (x64) (107.0) |
327615 | TU-027 | Mozilla Firefox (107.0) |
327618 | TU-054 | Mozilla Firefox ESR (102) (x64) (102.5.0) |
327617 | TU-054 | Mozilla Firefox ESR (102) (102.5.0) |
604457 | MAC-007 | Mozilla Thunderbird For Mac (102.5.0) |
604456 | MAC-006 | Mozilla Firefox For Mac (107.0) |
604455 | MAC-111 | Mozilla Firefox ESR for MAC 102.5.0 |