- 241/2022
- High
Mozilla has released security updates to fix vulnerabilities in Firefox 106 and Firefox ESR 102.4. The remote attacker could exploit these vulnerabilities to take control of the affected system, bypass security restrictions and cause a denial of service.
The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw by persuading the victim to visit a specially-crafted website, the attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
Sample of The Addressed Vulnerabilities:
1- Mozilla Firefox and Firefox ESR code execution (CVE-2022-42928):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2- Mozilla Firefox and Firefox ESR security bypass (CVE-2022-42927):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
Vulnerabilities
- CVE-2022-42927
- CVE-2022-42928
- CVE-2022-42929
- CVE-2022-42930
- CVE-2022-42931
- CVE-2022-42932
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.