The Mozilla Foundation has patched eight High risk vulnerabilities in Firefox 101 and shipped a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-20, Firefox 101 addressed the following eight High severity vulnerabilities:
- CVE-2022-31736: Cross-Origin resource’s length leaked
- CVE-2022-31737: Heap buffer overflow in WebGL
- CVE-2022-31738: Browser window spoof using fullscreen mode
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
- CVE-2022-31740: Register allocation problem in WASM on arm64
- CVE-2022-31741: Uninitialized variable leads to invalid memory read
- CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
- CVE-2022-31748: Memory safety bugs fixed in Firefox 101
Mozilla warned that the memory safety bugs could be exploited to run arbitrary code.
In addition, four Moderate and one Low risk vulnerabilities were patched.