[MFSA-2022-09] Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
Severity: High
Affected Packages: 5
Fixed Packages: 5
CVEs: 2
CVE-2022-26485: Use-after-free in XSLT parameter processing (critical)
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
CVE-2022-26486: Use-after-free in WebGPU IPC Framework (critical)
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
Package | Affected Version |
---|---|
pkg:mozilla/Thunderbird | < 91.6.2 |
pkg:mozilla/Firefox?os=android | < 97.3.0 |
pkg:mozilla/Firefox%20Focus | < 97.3.0 |
pkg:mozilla/Firefox%20ESR | < 91.6.1 |
pkg:mozilla/Firefox | < 97.0.2 |
Package | Fixed Version |
---|---|
pkg:mozilla/Thunderbird | = 91.6.2 |
pkg:mozilla/Firefox?os=android | = 97.3.0 |
pkg:mozilla/Firefox%20Focus | = 97.3.0 |
pkg:mozilla/Firefox%20ESR | = 91.6.1 |
pkg:mozilla/Firefox | = 97.0.2 |
- ID: MFSA-2022-09
- Severity: high
- URL: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09
- Published: 2022-03-05T00:00:00 (2 years ago)
- Modified: 2022-03-05T00:00:00 (2 years ago)
- Other Advisories:
- ALAS2-2022-1779
- ALPINE:CVE-2022-26485
- ALPINE:CVE-2022-26486
- ALSA-2022:0818
- ALSA-2022:0845
- CISA-2022:0307
- DSA-5090-1
- DSA-5094-1
- ELSA-2022-0818
- ELSA-2022-0824
- ELSA-2022-0845
- ELSA-2022-0850
- FEDORA-2022-4f28c7541d
- GLSA-202208-08
- GLSA-202208-14
- openSUSE-SU-2022:0783-1
- openSUSE-SU-2022:0804-1
- RHSA-2022:0818
- RHSA-2022:0824
- RHSA-2022:0845
- RHSA-2022:0850
- SSA:2022-064-01
- SUSE-SU-2022:0777-1
- SUSE-SU-2022:0778-1
- SUSE-SU-2022:0783-1
- SUSE-SU-2022:0804-1
- USN-5314-1
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 1758062 | | https://bugzilla.mozilla.org/show_bug.cgi?id=1758062 |
Bugzilla | 1758070 | | https://bugzilla.mozilla.org/show_bug.cgi?id=1758070 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:mozilla/Thunderbird | | Thunderbird | < 91.6.2 | | | |
Fixed | pkg:mozilla/Thunderbird | | Thunderbird | = 91.6.2 | | | |
Affected | pkg:mozilla/Firefox?os=android | | Firefox | < 97.3.0 | | | |
Fixed | pkg:mozilla/Firefox?os=android | | Firefox | = 97.3.0 | | | |
Affected | pkg:mozilla/Firefox%20Focus | | Firefox Focus | < 97.3.0 | | | |
Fixed | pkg:mozilla/Firefox%20Focus | | Firefox Focus | = 97.3.0 | | | |
Affected | pkg:mozilla/Firefox%20ESR | | Firefox ESR | < 91.6.1 | | | |
Fixed | pkg:mozilla/Firefox%20ESR | | Firefox ESR | = 91.6.1 | | | |
Affected | pkg:mozilla/Firefox | | Firefox | < 97.0.2 | | | |
Fixed | pkg:mozilla/Firefox | | Firefox | = 97.0.2 | | | |