- 163/2022
- High
Mozilla has released security updates to address multiple vulnerabilities in Mozilla Firefox 103 and Firefox ESR 91.12 and ESR 102.1. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
The addressed vulnerabilities could be exploited remotely to allow the attackers to perform various attacks, like browser spoofing, information disclosure, bypassing security restrictions, denial of service (DOS), spoofing, and executing arbitrary code leading to complete compromise of the vulnerable system.
Sample of the addressed vulnerabilities:
- Mozilla Firefox code execution (CVE-2022-36320):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
- Mozilla Firefox information disclosure (CVE-2022-36318):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Vulnerabilities
- CVE-2022-36314
- CVE-2022-36315
- CVE-2022-36316
- CVE-2022-36318
- CVE-2022-36319
- CVE-2022-36320
- CVE-2022-36317
- CVE-2022-2505
Mitigations
The enterprise should deploy this patch as soon as the testing phase is
completed.