CVE-2022-34470 Session history navigations may have led to a use-after-free and potentially exploitable crash
It is potentially exploitable, and users who encounter this issue should update as soon as possible. WebExtensions are a new type of add-on that allows
CVE-2022-26486 An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
The issue is triggered when WebGPU is enabled in a site and a malformed message is received by the browser. By sending a malformed message,
CVE-2022-31737 An attacker wrote code outside of WebGL memory, which could lead to memory corruption and a crash.
A malicious website could cause a user to inadvertently click a malicous link, leading to code execution. This vulnerability affects Thunderbird 91.10, Firefox 101,
CVE-2022-31748 Gabriele Svelto, Timothy Nikkel, Randell Jesup, and the Mozilla Fuzzing Team found memory safety bugs in Firefox 100.
It is likely that some of these issues were discovered by automated tools. For example, it is possible to use the Google fuzzing framework to
CVE-2022-29917 Mozilla developers found memory safety bugs in Firefox 99 and Firefox ESR 91.8.
This issue was fixed in Thunderbird 24.3.0.1, ESR 24.3.0.1, and Firefox 27.0.1. If you are running any
Episode
00:00:00
00:00:00