Issued: Thursday, 2 June, 2022 |
Last Revision: Thursday, 2 June, 2022 |
Vendor: |
Product: |
Severity Level: |
Mozilla has released critical security updates for Firefox, Firefox ESR, and Thunderbird, addressing multiple vulnerabilities. The most severe of the discovered vulnerabilities could allow remote code execution if successfully exploited.
The other discovered vulnerabilities may allow an attacker to install applications, edit or delete data, or create new accounts with full user rights.
There are currently no reports of exploitation of these vulnerabilities.
CVE/Vulnerability | Description | Severity/Score |
CVE-2022-31737 | Heap buffer overflow in WebGL | High |
CVE-2022-31738 | Browser window spoof using full screen mode | High |
CVE-2022-31739 | Attacker-influenced path traversal when saving downloaded files | High |
CVE-2022-31740 | Register allocation problem in WASM on arm64 | High |
CVE-2022-31741 | Uninitialized variable leads to invalid memory read | High |
CVE-2022-31747 | Memory safety bugs | High |
CVE-2022-31748 | Memory safety bugs | High |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) | Fixed Version(s) |
CVE-2022-31737, CVE-2022-31738, CVE-2022-31739, CVE-2022-31740, CVE-2022-31741, CVE-2022-31747, CVE-2022-31748 | Mozilla Firefox versions prior to 101; Firefox ESR versions prior to 91.10; Thunderbird versions prior to 91.10 | Firefox 101; Firefox ESR 91.10; Thunderbird 91.10 |
Table 2: Vulnerable versions
Apply Mozilla's recommended upgrades to vulnerable systems as soon as possible following thorough testing.
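To find the systems that still need the upgrade, the following added example (not part of the original advisory and not Mozilla code) classifies collected version strings against the fixed versions in Table 2. It assumes the strings come from `firefox --version` or `thunderbird --version` with ESR builds carrying an `esr` suffix; the host names and sample versions are constructed.

```python
import re

# Fixed versions (major, minor) taken from Table 2 of this advisory.
FIXED = {"firefox": (101, 0), "firefox-esr": (91, 10), "thunderbird": (91, 10)}

# Assumption: each input is the line printed by `firefox --version` or
# `thunderbird --version`, with ESR builds carrying an "esr" suffix.
_VERSION_RE = re.compile(
    r"(?P<name>firefox|thunderbird)\s+(?P<ver>\d+(?:\.\d+)*)(?P<suffix>[a-z0-9]*)",
    re.IGNORECASE,
)

def classify(version_line):
    """Return (product, status); status is 'vulnerable', 'patched' or 'unknown'."""
    m = _VERSION_RE.search(version_line)
    if not m:
        return (None, "unknown")
    name, suffix = m.group("name").lower(), m.group("suffix").lower()
    product = "firefox-esr" if (name, suffix) == ("firefox", "esr") else name
    # Pre-release or otherwise unexpected suffixes (e.g. "101.0b9") cannot be
    # mapped onto the advisory's fixed versions, so flag them for manual review.
    if suffix and product != "firefox-esr":
        return (product, "unknown")
    parts = [int(p) for p in m.group("ver").split(".")]
    major_minor = tuple((parts + [0])[:2])  # "101" is treated as 101.0
    # A Firefox ESR string missing its suffix is compared against 101, which
    # errs toward reporting it as vulnerable rather than missing it.
    status = "vulnerable" if major_minor < FIXED[product] else "patched"
    return (product, status)

def triage(inventory):
    """Map host -> (product, status) for a {host: version_line} inventory."""
    return {host: classify(line) for host, line in inventory.items()}

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 100.0.2",
    "ws-02": "Mozilla Firefox 101.0",
    "ws-03": "Mozilla Firefox 91.9.1esr",
    "ws-04": "Mozilla Firefox 91.10.0esr",
    "mail-01": "Thunderbird 91.9.0",
    "lab-01": "Mozilla Firefox 101.0b9",
}

if __name__ == "__main__":
    for host, (product, status) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {product or '-':12} {status}")
```

Hosts reported as `unknown` need a manual check, since their version string does not map cleanly onto a fixed release.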
