CVE-2022-29917 Mozilla developers found memory safety bugs in Firefox 99 and Firefox ESR 91.8.
This issue was fixed in Thunderbird 24.3.0.1, ESR 24.3.0.1, and Firefox 27.0.1. If you are running any
CVE-2022-36315 Subresource Integrity protects against script reuse when an injection attack occurs.
If the integrity service is enabled for a script, it can be triggered by injecting a fake script that appears to come from a trusted
CVE-2022-22740 Network request handles were freed too early, which could lead to a use-after-free and an exploitable crash.
We have fixed this issue in the latest ESR and FF versions. We no longer free network request handles during shutdown, which prevents the use-after-free
CVE-2022-29914 Reusing existing popups could have allowed for browser spoofing attacks.
Thunderbird and Firefox are not vulnerable if they are using the --force-fullscreen command line argument. All versions of the browser are vulnerable to clickjacking if
CVE-2022-22742 Text in edit mode might have led to an exploitable crash.
This issue was fixed in Firefox ESR version 91.5, and Thunderbird version 31.5.
An out-of-bounds read was possible when manipulating arrays with certain