Advisory for Mozilla Security Updates

  • NIC-CERT/2022-10/445
  • Date: 2022-10-19
  • CVE ID: Multiple
  • Severity: High

Description:

Mozillareleasessecurity advisory for vulnerabilities fixed in thunderbirdand firefox.

Security Issues Fixed:

Mozilla update includes several security fixes in this release which includes memory safety bugs, data-races.

Affected Products, CVE IDs:

CVE ID

Description

Affected Product

Updates Version

CVE-2022-42927

Same-origin policy violation could have leaked cross-origin URLs

Firefox ESR

Firefox ESR 102.4

CVE-2022-42928

Memory Corruption in JS Engine

Firefox ESR

Firefox ESR 102.4

CVE-2022-42929

Denial of Service via window.print

Firefox ESR

Firefox ESR 102.4

CVE-2022-42932

Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

Firefox ESR

Firefox ESR 102.4

CVE-2022-42930

Race condition in DOM Workers

Firefox

Firefox 106

CVE-2022-42931

Username saved to a plaintext file on disk

Firefox

Firefox 106

The problem can be corrected by updating your package versions.

References:

https://www.mozilla.org/en-US/security/advisories/