Mozilla releases Firefox 98 with fixes for 4 High severity vulnerabilities

By / / Security Updates & Patches, Vulnerabilities & Exploits / CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, Firefox, Firefox98

The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 98, as well as a number of other bug fixes.

An attacker could exploit these vulnerabilities to take control of impacted systems.

As part of Mozilla Foundation Security Advisory 2022-10, Firefox 98 addressed the following four High severity vulnerabilities:

  1. CVE-2022-26383: Browser window spoof using fullscreen mode
  2. CVE-2022-26384: iframe allow-scripts sandbox bypass
  3. CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
  4. CVE-2022-26381: Use-after-free in text reflows.

To add, three other Moderate vulnerabilities were also patched.

Finally, Mozilla also released Firefox ESR 91.7.