The Mozilla Foundation has patched six High risk vulnerabilities in Firefox 100, along with a number of other bugs.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-16, Firefox 100 addressed the following six High severity vulnerabilities:
- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
- CVE-2022-29918: Memory safety bugs fixed in Firefox 100
Mozilla warned that the memory safety bugs could be exploited to run arbitrary code.
In addition, two Moderate risk vulnerabilities and one Low risk vulnerability were patched.
Finally, Mozilla also released Firefox ESR 91.9 and Thunderbird 91.9.