Multiple vulnerabilities in Mozilla Products
Indian - Computer Emergency Response Team (cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 107
Mozilla Firefox ESR versions prior to 102.5
Mozilla Thunderbird versions prior to 102.5
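A fleet check against the three version thresholds listed above, as an added example that is not part of the CERT-In advisory or Mozilla's own tooling. It assumes version banners of the form "Mozilla Firefox 102.4.0esr"; the host names and banners are constructed sample data.

```python
import re

# Fixed versions, taken from the "Software Affected" list in this advisory.
FIXED = {"firefox": (107,), "firefox-esr": (102, 5), "thunderbird": (102, 5)}

# Assumed banner shape: "Mozilla Firefox 102.4.0esr". Anything after the
# version other than "esr" (e.g. a beta tag) is rejected, so unknown builds
# are reported for manual review rather than silently treated as patched.
BANNER = re.compile(r"\b(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?\s*$", re.I)

def classify(banner):
    """Return (product, version tuple); ESR builds get their own product key."""
    m = BANNER.search(banner.strip())
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"
    return product, tuple(int(p) for p in m.group(2).split("."))

def is_affected(banner):
    """True if the build is older than the fixed version for its channel."""
    product, version = classify(banner)
    fixed = FIXED[product]
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 102.5 == 102.5.0
    return pad(version) < pad(fixed)

def audit(inventory):
    """Map host -> 'update', 'ok' or 'review' (banner could not be parsed)."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "update" if is_affected(banner) else "ok"
        except ValueError:
            result[host] = "review"
    return result

# Constructed inventory: host names and banners are sample data.
SAMPLE = {
    "ws-01": "Mozilla Firefox 106.0.5",
    "ws-02": "Mozilla Firefox 102.5.0esr",   # patched ESR, although below 107
    "ws-03": "Mozilla Firefox 102.4.0esr",
    "ws-04": "Mozilla Thunderbird 102.4.2",
    "ws-05": "Mozilla Firefox 107.0b3",      # pre-release build: needs review
}

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(host, state)
```

Comparing every Firefox build against 107 alone would wrongly flag a patched ESR 102.5 install, which is why the ESR channel is keyed separately.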
Overview
Multiple vulnerabilities have been reported in Mozilla products, which
could allow an attacker to bypass security restrictions, execute arbitrary
code, gain access to potentially sensitive information, perform Cross-Site
Scripting (XSS) attacks, perform spoofing attacks or cause a denial of
service (DoS) condition on the targeted system.
Description
These vulnerabilities exist in Mozilla products due to cross-origin policy
violations, a flaw in the handling of a series of popups and window.print()
events, use-after-free in the InputStream implementation, JavaScript Realm,
garbage collection and expat, a use-after-free while loading a font using
FontFace(), an error when handling SameSite cookies, non-standard headers,
a boundary condition when resolving a symlink such as
file:///proc/self/fd/1, insecure handling of downloaded files, keystroke
side-channel leakage, incorrect detection of private browsing mode by
Service Workers, incorrect processing of a custom mouse cursor, improper
handling of the deletion of a security exception granted for an invalid TLS
certificate, tables inside of an iframe and a memory corruption error. A
remote attacker could exploit these vulnerabilities by persuading a victim
to visit a specially crafted website.
Successful exploitation of these vulnerabilities could allow a remote
attacker to bypass security restrictions, execute arbitrary code, gain
access to potentially sensitive information, perform Cross-Site Scripting
(XSS) attacks, perform spoofing attacks or cause a denial of service (DoS)
condition on the targeted system.
Solution
Apply appropriate software updates as mentioned in the Mozilla Security
Advisory:
Vendor Information
Mozilla
References
Mozilla
CVE Name
CVE-2022-45403
CVE-2022-45404
CVE-2022-45405
CVE-2022-45406
CVE-2022-45407
CVE-2022-45408
CVE-2022-45409
CVE-2022-45410
CVE-2022-45411
CVE-2022-45412
CVE-2022-45413
CVE-2022-40674
CVE-2022-45415
CVE-2022-45416
CVE-2022-45417
CVE-2022-45418
CVE-2022-45419
CVE-2022-45420
CVE-2022-45421