The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 105, as well as a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
According to the Mozilla Foundation Security Advisory 2022-40, Firefox 105 addressed the following three High severity vulnerabilities:
- CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages.
- CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40962: Memory safety bugs.
Moreover, the Firefox 105 update also addressed four other vulnerabilities rated Moderate or Low severity.
Mozilla released updates for Mozilla Firefox ESR 102.3, and ThunderBird 91.13.1.