Hello everyone,
Platform | CVE ID | Vulnerability | Impact |
Firefox 108 | CVE-2022-46871 | libusrsctp library out of date | High |
Firefox 108, Firefox ESR 102.6 and Thunderbird 102.6 | CVE-2022-46872 | Arbitrary file read from a compromised content process | High |
Firefox 108 | CVE-2022-46873 | Firefox did not implement the CSP directive unsafe-hashes | Moderate |
Firefox 108, Firefox ESR 102.6 and Thunderbird 102.6 | CVE-2022-46874 | Drag and Dropped Filenames could have been truncated to malicious extensions | Moderate |
Firefox 108, Firefox ESR 102.6 and Thunderbird 102.6 | CVE-2022-46875 | Download Protections were bypassed by .atloc and .ftploc files on Mac OS | Moderate |
Firefox 108 | CVE-2022-46877 | Fullscreen notification bypass | Low |
Firefox 108, Firefox ESR 102.6 and Thunderbird 102.6 | CVE-2022-46878 | Memory safety bugs fixed in Firefox 108, Firefox ESR 102.6 and Thunderbird 102.6 | High |
Firefox 108 | CVE-2022-46879 | Memory safety bugs fixed in Firefox 108 | High |
Firefox ESR 102.6 and Thunderbird 102.6 | CVE-2022-46880 | Use-after-free in WebGL | High |
Firefox ESR 102.6 and Thunderbird 102.6 | CVE-2022-46881 | Memory corruption in WebGL | High |
Firefox ESR 102.6 and Thunderbird 102.6 | CVE-2022-46882 | Use-after-free in WebGL | Moderate |
To install this update on your machines, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once the sync is complete, search for the following Patch IDs or Bulletin ID and deploy them to your target systems.
Patch ID | Bulletin ID | Patch description |
328100 | TU-028 | Mozilla Thunderbird (102) (102.6.0) |
328101 | TU-028 | Mozilla Thunderbird (102) (x64) (102.6.0) |
328095 | TU-027 | Mozilla Firefox (108.0) |
328096 | TU-027 | Mozilla Firefox (x64) (108.0) |
328099 | TU-054 | Mozilla Firefox ESR (102) (102.6.0) |
328102 | TU-054 | Mozilla Firefox ESR (102) (x64) (102.6.0) |
Cheers,
The ManageEngine Team