The Mozilla Foundation has patched eight High risk vulnerabilities in Firefox 107, as well as a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
According to the Mozilla Foundation Security Advisory 2022-47, Firefox 107 addressed the following eight (8) High severity vulnerabilities:
- CVE-2022-45403: Service Workers might have learned size of cross-origin media files
- CVE-2022-45404: Fullscreen notification bypass
- CVE-2022-45405: Use-after-free in InputStream implementation
- CVE-2022-45406: Use-after-free of a JavaScript Realm
- CVE-2022-45407: Loading fonts on workers was not thread-safe
- CVE-2022-45408: Fullscreen notification bypass via windowName
- CVE-2022-45409: Use-after-free in Garbage Collection
- CVE-2022-45421: Memory safety bugs.
Mozilla warned some of the memory safety bugs (CVE-2022-45421) could be exploited to run arbitrary code.
Moreover, the Firefox 107 update also addressed 11 other vulnerabilities rated Moderate or Low severity.
Also, Mozilla released updates for Mozilla Thunderbird 102.5, Firefox ESR 102.5.
Released Articles
- ProxyNotShell POC exploit code released
- Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)
- Mozilla releases Firefox 106 with fixes for 2 High severity vulnerabilities
- Mozilla releases Firefox 105 with fixes for 3 High severity vulnerabilities
- Google releases Chrome 106 (106.0.5249.119) security update with fixes for 6 High severity vulnerabilities