Advisory for Mozilla Firefox Security Updates

  • NIC-CERT/2022-07/333
  • Date: 2022-07-27
  • CVE ID: Multiple
  • Severity: High

Description:

Mozilla releases vulnerabilities in Firefox which can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.

Security Issues Fixed:

Mozilla update includes several security fixes in this release which includes vulnerabilities like Memory safety bugs.

Affected Products, CVE IDs :

CVE Id

Description

Affected Product

Updates Version

CVE-2022-2505

Memory safety bugs fixed in Firefox 103 and 102.1

Firefox ESR

Firefox 103 and 102.1

CVE-2022-36320

Memory safety bugs fixed in Firefox 103

Firefox

Firefox 103

CVE-2022-36319:

Mouse Position spoofing with CSS transforms

Firefox ESR

Firefox ESR 91.12

CVE-2022-36318

Directory indexes for bundled resources reflected URL parameters

Firefox ESR

Firefox ESR 91.12

CVE-2022-36314

Opening local <code>.lnk</code> files could cause unexpected network loads

Firefox ESR

Firefox ESR 102.1

CVE-2022-36317

Long URL would hang Firefox for Android

Firefox

Firefox 103

CVE-2022-36315

Preload Cache Bypasses Subresource Integrity

Firefox

Firefox 103

CVE-2022-36316

Performance API leaked whether a cross-site resource is redirecting

Firefox

Firefox 103

The problem can be corrected by updating your package versions.

References:

https://www.mozilla.org/en-US/security/advisories/