Mozilla releases Firefox 105 with fixes for 3 High severity vulnerabilities

The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 105, as well as a number of other bug fixes.

An attacker could exploit these vulnerabilities to take control of impacted systems.

According to the Mozilla Foundation Security Advisory 2022-40, Firefox 105 addressed the following three High severity vulnerabilities:

1. CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages.
2. CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads.
3. CVE-2022-40962: Memory safety bugs.

Moreover, the Firefox 105 update also addressed four other vulnerabilities rated Moderate or Low severity.

Mozilla released updates for Mozilla Firefox ESR 102.3, and ThunderBird 91.13.1.

Released Articles

• Mozilla releases Firefox 104 with fixes for 4 High severity vulnerabilities
• Microsoft releases out-of-band patch for Endpoint Configuration Manager
• Apple patches vulnerabilities in iOS 16, iOS 15.7, macOS Monterey 12.6, Big Sur 11.7 and other products