Mozilla’s latest Firefox update includes patches for 19 vulnerabilities, including 4 high-severity bugs.

Mozilla recently patched CVE-2022-34470, a high-severity use-after-free bug that could lead to an exploitable crash. The issue could be triggered when navigating between XML documents. Use-after-free vulnerabilities can be used for data corruption, denial of service, and arbitrary code execution, and can lead to a complete system compromise when combined with other security flaws.

Another high-severity flaw, CVE-2022-34468, could allow a CSP sandbox header without ‘allow-scripts’ to be bypassed using a retargeted javascript: URI. If a user clicks on a javascript: link, an iframe could run scripts without authorization.
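To find where this matters in your own estate, the added example below (not code from Mozilla or from this article) checks whether a response relies on a CSP `sandbox` directive without `allow-scripts` to keep scripts from running, and whether the requesting Firefox is older than version 102. The function names, header values and User-Agent strings are constructed for illustration, and the check assumes 102 is the only fixed version, as the article states.

```javascript
// Added example: triage responses that depend on the CSP sandbox to block scripts.
// All header values and User-Agent strings passed in are assumed sample input.

const FIXED_IN = 102; // from the article: the fixes ship in Firefox 102

// Parse a Content-Security-Policy header value into Map(directive -> tokens).
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) {
      directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
    }
  }
  return directives;
}

// True when the policy sandboxes the document and does NOT grant allow-scripts,
// i.e. the page depends on the sandbox to stop scripts from running.
function reliesOnSandboxToBlockScripts(headerValue) {
  const sandbox = parseCsp(headerValue).get("sandbox");
  return sandbox !== undefined && !sandbox.includes("allow-scripts");
}

// Firefox major version from a User-Agent string, or null if not Firefox.
function firefoxMajor(userAgent) {
  const m = /\bFirefox\/(\d+)/.exec(userAgent);
  return m ? Number(m[1]) : null;
}

// Classify one (response policy, client) pair for patch prioritisation.
function triage(cspHeader, userAgent) {
  if (!reliesOnSandboxToBlockScripts(cspHeader)) return "not-applicable";
  const major = firefoxMajor(userAgent);
  if (major === null) return "other-browser";
  return major < FIXED_IN ? "update-needed" : "patched";
}
```

The User-Agent header is client-supplied, so treat the result as an inventory hint for prioritising updates rather than as proof of a client's patch level.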

Mozilla also resolved a Linux-specific issue, CVE-2022-34479, which allowed fraudulent websites to resize popups so that web content overlaid the address bar.

In addition to these bug fixes, Firefox 102 improves user privacy with the blocking of specific tracking parameters.
