Mozilla has released updates that fix multiple high-impact vulnerabilities affecting Thunderbird, Firefox ESR, and Firefox. Successful exploitation of the bugs could have resulted in arbitrary code execution.
The US Cybersecurity and Infrastructure Security Agency (CISA) advises users and admins to patch the identified vulnerabilities and upgrade their systems.
Details on the Vulnerabilities
Mozilla released three advisories covering the fixes shipped in Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108.
According to Cybernews, all three of Mozilla’s products are impacted by one of the high-impact vulnerabilities, identified as CVE-2022-46878. Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety issues present in Firefox 107 and Firefox ESR 102.5. Some of these flaws showed evidence of memory corruption, and with enough work, some of them could have been exploited to execute arbitrary code.
Another serious weakness, CVE-2022-46872, which affects all three products, might allow an attacker who had taken control of a content process to view any file. Mozilla did point out that this particular flaw affects its products only on Linux. Attackers could use other critical flaws identified in the advisory to cause product crashes.