Mozilla releases Firefox 107 with fixes for 8 High severity vulnerabilities

The Mozilla Foundation has patched eight High risk vulnerabilities in Firefox 107, as well as a number of other bug fixes.

An attacker could exploit these vulnerabilities to take control of impacted systems.

According to the Mozilla Foundation Security Advisory 2022-47, Firefox 107 addressed the following eight (8) High severity vulnerabilities:

  1. CVE-2022-45403: Service Workers might have learned size of cross-origin media files
  2. CVE-2022-45404: Fullscreen notification bypass
  3. CVE-2022-45405: Use-after-free in InputStream implementation
  4. CVE-2022-45406: Use-after-free of a JavaScript Realm
  5. CVE-2022-45407: Loading fonts on workers was not thread-safe
  6. CVE-2022-45408: Fullscreen notification bypass via windowName
  7. CVE-2022-45409: Use-after-free in Garbage Collection
  8. CVE-2022-45421: Memory safety bugs.

Mozilla warned some of the memory safety bugs (CVE-2022-45421) could be exploited to run arbitrary code.

Moreover, the Firefox 107 update also addressed 11 other vulnerabilities rated Moderate or Low severity.

Also, Mozilla released updates for Mozilla Thunderbird 102.5Firefox ESR 102.5.

Released Articles