Analysis
On 18th October, Mozilla issued an advisory urging users to update its products to the latest versions, as earlier versions contain multiple vulnerabilities, ranging from high to low severity, reported by security researchers.
The vulnerabilities in Mozilla Firefox ESR prior to version 102.4 are a same-origin policy violation that could have leaked cross-origin URLs, memory corruption in the JavaScript engine, and a denial of service via window.print.
The vulnerabilities in Mozilla Firefox prior to version 106 are race conditions in Document Object Model (DOM) Workers, a username saved to a plaintext file on disk, and memory safety bugs.
CERT-In reported in a blog that successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, and cause a denial of service.
The vulnerabilities reported by the researchers are classified by severity and assigned identifiers in the Common Vulnerabilities and Exposures (CVE) database.
CVEs of Vulnerable Products
- CVE-2022-42927
- CVE-2022-42928
- CVE-2022-42929
- CVE-2022-42930
- CVE-2022-42931
- CVE-2022-42932
Prevention
- Update Mozilla Firefox ESR to version 102.4 or later.
- Update Mozilla Firefox to version 106 or later.
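As an added example (not part of the advisory or of Mozilla's own tooling), the check below parses `firefox --version` output collected from an inventory and flags installs still below the fixed versions named above, treating the ESR channel (a trailing `esr` in the version string, an assumed format) and the release channel separately. The inventory values are constructed samples.

```python
import re

# Fixed versions named in the advisory: ESR 102.4 and release 106.
FIXED_ESR = (102, 4, 0)
FIXED_RELEASE = (106, 0, 0)

# Assumed output format of `firefox --version`, e.g. "Mozilla Firefox 102.3.0esr"
# or "Mozilla Firefox 105.0.1"; a trailing "esr" marks the ESR channel.
_VERSION_RE = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?\s*$")


def parse_version(text):
    """Return (major, minor, patch, is_esr), or None if the text does not parse."""
    match = _VERSION_RE.search(text.strip())
    if not match:
        return None
    major, minor, patch, esr = match.groups()
    return (int(major), int(minor or 0), int(patch or 0), esr is not None)


def is_affected(text):
    """True when the reported version is below the fix for its channel.

    Unparseable input is reported as affected so that it gets looked at
    rather than silently passing the audit.
    """
    parsed = parse_version(text)
    if parsed is None:
        return True
    major, minor, patch, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return (major, minor, patch) < fixed


def hosts_needing_update(inventory):
    """Return the sorted hostnames whose Firefox is still on a vulnerable version."""
    return sorted(host for host, version in inventory.items() if is_affected(version))


# Constructed sample inventory: hostname -> captured `firefox --version` output.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 102.3.0esr",  # ESR below 102.4: affected
    "ws-02": "Mozilla Firefox 102.4.0esr",  # ESR at the fix: not affected
    "ws-03": "Mozilla Firefox 105.0.1",     # release below 106: affected
    "ws-04": "Mozilla Firefox 106.0",       # release at the fix: not affected
    "ws-05": "not installed",               # unparseable: flagged for review
}

if __name__ == "__main__":
    print("Hosts needing update:", hosts_needing_update(SAMPLE_INVENTORY))
```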
References
Mozilla