The Mozilla Foundation has patched three High risk vulnerabilities in Firefox 99, as well as a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-13, Firefox 99 addressed the following three High severity vulnerabilities:
- CVE-2022-1097: Use-after-free in NSSToken objects
- CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
- CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8.
To add, four Moderate and three Low risk vulnerabilities were also patched.
Finally, Mozilla also released Firefox ESR 91.8, and Thunderbird 91.8.