Firefox Multiple Vulnerabilities

Analysis

On 18th October, Mozilla issued an advisory urging users to update its products to the latest versions, because earlier versions have multiple vulnerabilities, ranging from high to low severity, reported by security researchers.

The vulnerabilities in Mozilla Firefox ESR prior to version 102.4 are a same-origin policy violation that could have leaked cross-origin URLs, memory corruption in the JS engine, and denial of service via window.print.

The vulnerabilities in Mozilla Firefox prior to version 106 are race conditions in Document Object Model (DOM) Workers, a username saved to a plaintext file on disk, and memory safety bugs.

CERT-In reported in a blog that, with successful exploitation of these vulnerabilities, an attacker can execute arbitrary code, bypass security restrictions, and cause a denial of service.

The vulnerabilities reported by the researchers are classified by severity and assigned CVE identifiers in the Common Vulnerabilities and Exposures (CVE) database.

 

CVEs of Vulnerable Products

  • CVE-2022-42927
  • CVE-2022-42928
  • CVE-2022-42929
  • CVE-2022-42930
  • CVE-2022-42931
  • CVE-2022-42932

 

Prevention

  • Update Mozilla Firefox ESR to version 102.4.
  • Update Mozilla Firefox to version 106.
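An added example, not part of the advisory or Mozilla's own code: a Python check that applies the two fixed versions above to version strings in the form printed by `firefox --version`. The host names and inventory lines are constructed, and the tab-separated inventory format is an assumption.

```python
import re

# Fixed versions named in the Prevention list above.
FIXED_ESR = (102, 4)
FIXED_RELEASE = (106,)

# Accepts "Mozilla Firefox 105.0.3" or "102.3.0esr"; anything else is rejected.
_VERSION_RE = re.compile(r"(?:Mozilla Firefox\s+)?(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)

def parse_version(text):
    """Return (version_tuple, is_esr) or raise ValueError for unknown formats."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None

def needs_update(text):
    """True if the reported build is older than the fixed version for its channel."""
    version, is_esr = parse_version(text)
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 106 compares equal to 106.0
    return pad(version) < pad(fixed)

# Constructed sample inventory: "<host>\t<output of firefox --version>"
SAMPLE_INVENTORY = """\
ws-01\tMozilla Firefox 105.0.3
ws-02\tMozilla Firefox 106.0
srv-01\tMozilla Firefox 102.3.0esr
srv-02\tMozilla Firefox 102.4.0esr
lab-01\tMozilla Firefox 106.0b9
"""

def audit(inventory):
    """Return (hosts needing the update, hosts whose version needs manual review)."""
    outdated, review = [], []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, reported = line.partition("\t")
        try:
            if needs_update(reported):
                outdated.append(host)
        except ValueError:
            review.append(host)  # e.g. beta builds: do not guess, flag for a human
    return outdated, review

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Version strings the parser does not recognise, such as pre-release builds, are routed to manual review instead of being silently treated as patched.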

 

References

Mozilla
