mickmick.net

Mozilla Products Multiple Vulnerabilities

Release Date: 24 Aug 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, data manipulation, cross-site scripting and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Data Manipulation
• Security Restriction Bypass
• Cross-Site Scripting

---

System / Technologies affected

Versions prior to:

 

• Firefox 104
• Firefox ESR 102.2
• Firefox ESR 91.13
• Thunderbird 102.2
• Thunderbird 91.13

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Update to Firefox 104
• Update to Firefox ESR 102.2
• Update to Firefox ESR 91.13
• Update to Thunderbird 102.2
• Update to Thunderbird 91.13

---

Vulnerability Identifier

• CVE-2022-38472
• CVE-2022-38473
• CVE-2022-38474
• CVE-2022-38475
• CVE-2022-38476
• CVE-2022-38477
• CVE-2022-38478

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/