Advisory for Mozilla Firefox Security Updates
- NIC-CERT/2022-07/333
- Date: 2022-07-27
- CVE ID: Multiple
- Severity: High
Advisory for Mozilla Firefox Security Updates
Description:
Mozilla releases vulnerabilities in Firefox which can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
Security Issues Fixed:
Mozilla update includes several security fixes in this release which includes vulnerabilities like Memory safety bugs.
Affected Products, CVE IDs :
|
CVE Id |
Description |
Affected Product |
Updates Version |
|
CVE-2022-2505 |
Memory safety bugs fixed in Firefox 103 and 102.1 |
Firefox ESR |
Firefox 103 and 102.1 |
|
CVE-2022-36320 |
Memory safety bugs fixed in Firefox 103 |
Firefox |
Firefox 103 |
|
CVE-2022-36319: |
Mouse Position spoofing with CSS transforms |
Firefox ESR |
Firefox ESR 91.12 |
|
CVE-2022-36318 |
Directory indexes for bundled resources reflected URL parameters |
Firefox ESR |
Firefox ESR 91.12 |
|
CVE-2022-36314 |
Opening local <code>.lnk</code> files could cause unexpected network loads |
Firefox ESR |
Firefox ESR 102.1 |
|
CVE-2022-36317 |
Long URL would hang Firefox for Android |
Firefox |
Firefox 103 |
|
CVE-2022-36315 |
Preload Cache Bypasses Subresource Integrity |
Firefox |
Firefox 103 |
|
CVE-2022-36316 |
Performance API leaked whether a cross-site resource is redirecting |
Firefox |
Firefox 103 |
The problem can be corrected by updating your package versions.
References:
https://www.mozilla.org/en-US/security/advisories/
