[MFSA-2022-09] Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
Severity
High
Affected Packages
5
Fixed Packages
5
CVEs
2
CVE-2022-26485: Use-after-free in XSLT parameter processing (critical)
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.CVE-2022-26486: Use-after-free in WebGPU IPC Framework (critical)
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
| Package | Affected Version |
|---|---|
 pkg:mozilla/Thunderbird
|
< 91.6.2 |
|
pkg:mozilla/Firefox?os=android
|
< 97.3.0 |
|
pkg:mozilla/Firefox%20Focus
|
< 97.3.0 |
|
pkg:mozilla/Firefox%20ESR
|
< 91.6.1 |
|
pkg:mozilla/Firefox
|
< 97.0.2 |
| Package | Fixed Version |
|---|---|
|
pkg:mozilla/Thunderbird
|
= 91.6.2 |
|
pkg:mozilla/Firefox?os=android
|
= 97.3.0 |
|
pkg:mozilla/Firefox%20Focus
|
= 97.3.0 |
|
pkg:mozilla/Firefox%20ESR
|
= 91.6.1 |
|
pkg:mozilla/Firefox
|
= 97.0.2 |
- ID
- MFSA-2022-09
- Severity
- high
- URL
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-09
- Published
-
2022-03-05T00:00:00
(2 years ago) - Modified
-
2022-03-05T00:00:00
(2 years ago) - Other Advisories
-
-
ALAS2-2022-1779
-
ALPINE:CVE-2022-26485
-
ALPINE:CVE-2022-26486
-
ALSA-2022:0818
-
ALSA-2022:0845
-
CISA-2022:0307
-
DSA-5090-1
-
DSA-5094-1
-
ELSA-2022-0818
-
ELSA-2022-0824
-
ELSA-2022-0845
-
ELSA-2022-0850
-
FEDORA-2022-4f28c7541d
-
GLSA-202208-08
-
GLSA-202208-14
-
openSUSE-SU-2022:0783-1
-
openSUSE-SU-2022:0804-1
-
RHSA-2022:0818
-
RHSA-2022:0824
-
RHSA-2022:0845
-
RHSA-2022:0850
-
SSA:2022-064-01
-
SUSE-SU-2022:0777-1
-
SUSE-SU-2022:0778-1
-
SUSE-SU-2022:0783-1
-
SUSE-SU-2022:0804-1
-
USN-5314-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1758062 |
|
|
| Bugzilla | 1758070 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:mozilla/Thunderbird |
Thunderbird
|
< 91.6.2 | ||||
| Fixed | pkg:mozilla/Thunderbird |
Thunderbird
|
= 91.6.2 | ||||
| Affected | pkg:mozilla/Firefox?os=android |
Firefox
|
< 97.3.0 | ||||
| Fixed | pkg:mozilla/Firefox?os=android |
Firefox
|
= 97.3.0 | ||||
| Affected | pkg:mozilla/Firefox%20Focus |
Firefox Focus
|
< 97.3.0 | ||||
| Fixed | pkg:mozilla/Firefox%20Focus |
Firefox Focus
|
= 97.3.0 | ||||
| Affected | pkg:mozilla/Firefox%20ESR |
Firefox ESR
|
< 91.6.1 | ||||
| Fixed | pkg:mozilla/Firefox%20ESR |
Firefox ESR
|
= 91.6.1 | ||||
| Affected | pkg:mozilla/Firefox |
Firefox
|
< 97.0.2 | ||||
| Fixed | pkg:mozilla/Firefox |
Firefox
|
= 97.0.2 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |