The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 102, along with a number of other bugs.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-24, Firefox 102 addressed the following four High severity vulnerabilities:
- CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content.
- CVE-2022-34470: Use-after-free in nsSHistory.
- CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI.
- CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11.
Mozilla also addressed one Moderate rated vulnerability (CVE-2022-34478) involving the ms-msdt, search, and search-ms protocols, which have been known to be exploited in the wild in other applications. However, there was no known exploit through Firefox.
Nine other Moderate and four Low rated vulnerabilities were also addressed in the Firefox 102 release.
Finally, Mozilla also released Firefox ESR 91.11 and Thunderbird 91.11 and 102 to fix multiple vulnerabilities and bugs.