Mozilla released security advisories addressing several vulnerabilities in the Firefox browser. The advisories rated the vulnerabilities as high, moderate, or low impact. Released on October 18, the CVEs would have allowed cybercriminals to cause denial-of-service (DoS) attacks, memory corruption, and URL leaks, among other threats.
The two reports — Mozilla Foundation Security Advisory 2022-44 and Mozilla Foundation Security Advisory 2022-45 — addressed over 4 vulnerabilities each. Some of the vulnerabilities detected in Firefox 106 were:
- CVE-2022-42927 – A high-impact vulnerability that could have led to cross-origin URL theft as well as other resulting redirects.
- CVE-2022-42928 – A high-impact vulnerability that could have allowed memory corruption and an exploitable crash.
- CVE-2022-42929 – A moderate-impact vulnerability that could have helped cybercriminals cause a denial-of-service (DoS) attack that would continue even after restarting the Firefox browser.
- CVE-2022-42930 – A moderate-impact vulnerability that could have led to a data race in the ThirdPartyUtil component if two hackers started their CacheStorage at the same time. A data race, a kind of concurrency bug, can be used to cause unexpected behavior and crashes.
Some vulnerabilities impacting Firefox ESR 102.4, as mentioned in Mozilla's "Security Vulnerabilities fixed in Firefox 106", were CVE-2022-42927, CVE-2022-42928, CVE-2022-42929 and CVE-2022-42932.
- CVE-2022-42932 – A moderate-impact vulnerability that would have caused memory corruption and allowed arbitrary code to run, giving cybercriminals more access. It was found in Firefox 105 and Firefox ESR 102.3.
The Cybersecurity and Infrastructure Security Agency (CISA) also sent out alerts confirming that patches were made available in Mozilla's recent updates. Users were urged to update both Firefox ESR and Firefox to keep threats away.