Issued: Thursday, 27 October, 2022
Last Revision: Thursday, 27 October, 2022
Vendor:
Product:
Severity Level:
Multiple High severity vulnerabilities have been discovered in Mozilla Firefox, Firefox ESR and Thunderbird that could allow for arbitrary code execution.
| CVE/Vulnerability | Description | Severity | Exploitable |
| --- | --- | --- | --- |
| CVE-2022-42927 | Same-origin policy violation could have leaked cross-origin URLs. The result of a redirect to another site could be leaked through `performance.getEntries()`. This is a same-origin policy violation and could allow for data theft. | High | No |
| CVE-2022-42928 | Memory corruption in JS engine. Potential impacts of this vulnerability include remote execution of arbitrary code and denial of service. | High | No |
| CVE-2022-42929 | Denial of service via `window.print`. If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. | High | No |
Table 1: Vulnerability details
| CVE/Vulnerability | Product(s) Detail |
| --- | --- |
| CVE-2022-42927, CVE-2022-42928, CVE-2022-42929 | Firefox versions prior to 106; Firefox ESR versions prior to 102.4; Thunderbird versions prior to 102.4 |
Table 2: Vulnerable versions
Mozilla recommends updating the affected products to the latest versions.
