Issued: Thursday, 7 April, 2022 |
Last Revision: Thursday, 7 April, 2022 |
Vendor: |
Product: |
Severity Level: |
Mozilla has released critical security updates for Firefox, Firefox ESR, and Thunderbird, addressing multiple vulnerabilities. The most severe of the discovered vulnerabilities could allow remote code execution if successfully exploited.
Other discovered vulnerabilities may allow an attacker to install applications, edit or delete data, or create new accounts with full user rights.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-1097 | Use-after-free in NSSToken objects | n/a |
CVE-2022-28281 | Out of bounds write due to unexpected WebAuthN Extensions | n/a |
CVE-2022-28289 | Memory safety bugs | n/a |
CVE/Vulnerability | Affected Product(s) | Fixed Version(s) |
CVE-2022-1097, CVE-2022-28281, CVE-2022-28289 | Mozilla Firefox versions prior to 99; Firefox ESR versions prior to 91.8; Thunderbird prior to 91.8 | Firefox 99; Firefox ESR 91.8; Thunderbird 91.8 |
Table 2: Vulnerable versions
Apply Mozilla's recommended upgrades to vulnerable systems as soon as possible following thorough testing.
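To find which systems still need the upgrade, the fixed versions in Table 2 can be checked against collected version banners. The script below is an added example, not part of the original advisory; it assumes banners shaped like the output of `firefox --version` (ESR builds carry an `esr` suffix), and the host names and sample banners are constructed. ESR is matched against its own 91.8 baseline, so a patched ESR install is not flagged just because 91.8 is lower than 99.

```python
import re

# Minimum fixed versions, taken from the advisory's "Vulnerable versions" table.
FIXED = {"firefox": (99,), "firefox-esr": (91, 8), "thunderbird": (91, 8)}

# Assumed banner shape: "Mozilla Firefox 98.0.2", "Mozilla Firefox 91.7.1esr",
# "Thunderbird 91.7.0" (the "Mozilla " prefix is treated as optional).
BANNER = re.compile(
    r"^(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?\s*$",
    re.IGNORECASE,
)

def parse_banner(banner):
    """Return (product_key, version_tuple), or None if the banner is unrecognised."""
    m = BANNER.match(banner.strip())
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"  # ESR has its own fixed version
    return product, tuple(int(part) for part in m.group(2).split("."))

def status(banner):
    """Classify one banner as 'vulnerable', 'fixed' or 'unknown'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"  # e.g. beta or repackaged builds: review by hand
    product, version = parsed
    fixed = FIXED[product]
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # 99 == 99.0 == 99.0.0
    return "vulnerable" if pad(version) < pad(fixed) else "fixed"

def triage(inventory):
    """Map each host to the status of its reported banner."""
    return {host: status(banner) for host, banner in inventory}

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = [
    ("host-a", "Mozilla Firefox 98.0.2"),
    ("host-b", "Mozilla Firefox 99.0"),
    ("host-c", "Mozilla Firefox 91.8.0esr"),
    ("host-d", "Mozilla Firefox 91.7.1esr"),
    ("host-e", "Thunderbird 91.7.0"),
    ("host-f", "Mozilla Firefox 99.0b8"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host}: {result}")
```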
