Mozilla sent Firefox Version 107.0 to the release channel today. The update includes seven security updates of which eight (8) are rated high, nine (9) moderate, and two (2) rated low.
Firefox ESR was updated to Version 102.5.
High
#CVE-2022-45403: Service Workers might have learned size of cross-origin media files
#CVE-2022-45404: Fullscreen notification bypass
#CVE-2022-45405: Use-after-free in InputStream implementation
#CVE-2022-45406: Use-after-free of a JavaScript Realm
#CVE-2022-45407: Loading fonts on workers was not thread-safe
#CVE-2022-45408: Fullscreen notification bypass via windowName
#CVE-2022-45409: Use-after-free in Garbage Collection
#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
Moderate
#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
#CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via intent URLs
#CVE-2022-40674: Use-after-free vulnerability in expat
#CVE-2022-45415: Downloaded file may have been saved with malicious extension
#CVE-2022-45416: Keystroke Side-Channel Leakage
#CVE-2022-45417: Service Workers in Private Browsing Mode may have been written to disk
#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
Low
#CVE-2022-45419: Deleting a security exception did not take effect immediately
#CVE-2022-45420: Iframe contents could be rendered outside the iframe
New
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment