CVE-2022-31748 Gabriele Svelto, Timothy Nikkel, Randell Jesup, and the Mozilla Fuzzing Team found memory safety bugs in Firefox 100.
It is likely that some of these issues were discovered by automated tools. For example, it is possible to use the Google fuzzing framework to
CVE-2022-34485 Mozilla developers found vulnerabilities in Firefox 101.
It is highly recommended to upgrade your installations to latest stable version as soon as possible. For Debian/Ubuntu users there are repositories with latest
CVE-2022-45412 A symlink can produce an error message with a memory buffer when it is resolved to a string.
It is caused by a bug in the implementation of the ''enumerateSymbolicNameEntries'' method that is used by the ''FileSystemEnumerator&
CVE-2022-22763 When a worker is shutdown, it is possible to cause script to run late in the lifecycle.
It does not affect Windows or OS X versions ofThunderbird or Firefox. Workarounds for this will be available until a new stable version is released.
CVE-2022-34468 An iframe with scripts that are disabled could run scripts if the user clicks a code>javascript:/code> link.
This issue was fixed in Firefox 102, Thunderbird 102, and Thunderbird 91.11. Users of Firefox 66 and Firefox ESR 52 on Windows who visit
Episode
00:00:00
00:00:00