The Mozilla Foundation has patched four High-risk vulnerabilities in Firefox 104, along with a number of other bugs.
An attacker could exploit these vulnerabilities to take control of impacted systems.
According to the Mozilla Foundation Security Advisory 2022-33, Firefox 104 addressed the following four High severity vulnerabilities:
- CVE-2022-38472: Address bar spoofing via XSLT error handling.
- CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent’s permissions.
- CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2.
- CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13.
Mozilla warned that “some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.”
Moreover, Mozilla released updates for Firefox ESR 91.13, Firefox ESR 102.2, Thunderbird 91.13, and Thunderbird 102.2.