The Mozilla Foundation has released Firefox 107, which patches eight High risk vulnerabilities and includes a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
According to the Mozilla Foundation Security Advisory 2022-47, Firefox 107 addressed the following eight (8) High severity vulnerabilities:
- CVE-2022-45403: Service Workers might have learned size of cross-origin media files
- CVE-2022-45404: Fullscreen notification bypass
- CVE-2022-45405: Use-after-free in InputStream implementation
- CVE-2022-45407: Loading fonts on workers was not thread-safe
- CVE-2022-45408: Fullscreen notification bypass via windowName
- CVE-2022-45409: Use-after-free in Garbage Collection
- CVE-2022-45421: Memory safety bugs
Mozilla warned that some of the memory safety bugs (CVE-2022-45421) could be exploited to run arbitrary code.
The Firefox 107 update also addressed 11 other vulnerabilities rated Moderate or Low severity.