Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, an out-of-bounds read in ServiceWorkerManager, multiple use-after-free issues, a heap-based buffer overflow and a number of problems in the Graphite 2 library.

A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities. A successful attack could lead to an application crash or arbitrary code execution on an affected system.

Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:
Firefox 45.0 for Windows, Macintosh and Linux.
Firefox ESR 38.7 for Windows, Macintosh and Linux.

Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox ESR, the most severe of which could allow for arbitrary code execution. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

Details of these vulnerabilities are as follows:
CVE-2022-42928: Memory Corruption in JS Engine.
CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4.

Details of lower-severity vulnerabilities are as follows:
CVE-2022-42927: Same-origin policy violation could have leaked cross-origin URLs.
CVE-2022-42929: Denial of Service via window.print.
CVE-2022-42930: Race condition in DOM Workers.
CVE-2022-42931: Username saved to a plaintext file on disk.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.