CERT-In Vulnerability Note
Multiple Vulnerabilities in Mozilla Firefox
Original Issue Date: July 29, 2022
Severity Rating: HIGH
- Mozilla Firefox versions prior to 103
- Mozilla Firefox ESR versions prior to 102.1
- Mozilla Firefox ESR versions prior to 91.12
Multiple vulnerabilities have been reported in Mozilla Firefox which could allow a remote attacker to bypass security restrictions, access sensitive information, perform spoofing attacks, execute arbitrary code and cause a denial of service on the targeted system.
These vulnerabilities exist in Mozilla Firefox due to memory safety bugs within the browser engine, unexpected network loads when opening local .lnk files, a preload cache bypass of Subresource Integrity, a leak of cross-site resource redirect information when using the Performance API, the user interface hanging when visiting a website with an overly long URL, mouse position spoofing with CSS transforms, and directory indexes for bundled resources reflecting URL parameters. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.
Successful exploitation of these vulnerabilities could allow the attacker to bypass security restrictions, access sensitive information, perform spoofing attacks, execute arbitrary code and cause a denial of service on the targeted system.
Upgrade to Mozilla Firefox version 103, Mozilla Firefox ESR version 102.1 or Mozilla Firefox ESR version 91.12.
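The fixed versions above can be checked against a software inventory with the following added example, which is not part of the CERT-In note. It assumes version strings in the form printed by `firefox --version`, with an `esr` suffix marking ESR builds; the function names, host names and sample inventory are constructed for illustration.

```python
import re

# Fixed versions from the advisory: release 103, ESR 102.1, ESR 91.12.
FIXED_RELEASE = (103, 0)
FIXED_ESR = {91: (91, 12), 102: (102, 1)}

# Assumed input form: "Mozilla Firefox 102.0.1esr" ("esr" marks an ESR build).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.\d+)*(esr)?\b", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), is_esr); pre-releases like "103.0b9" are rejected."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Firefox version found in {text!r}")
    return (int(match.group(1)), int(match.group(2))), match.group(3) is not None


def is_affected(text):
    """True if the version string falls in a range the advisory lists."""
    version, is_esr = parse_version(text)
    if not is_esr:
        return version < FIXED_RELEASE
    # ESR 91.x is measured against 91.12; every other ESR against 102.1,
    # so an old branch such as 78.x counts as affected.
    return version < FIXED_ESR.get(version[0], FIXED_ESR[102])


def affected_hosts(inventory):
    """Split an inventory into (affected hosts, hosts with unparseable versions)."""
    affected, unknown = [], []
    for host, version_text in sorted(inventory.items()):
        try:
            if is_affected(version_text):
                affected.append(host)
        except ValueError:
            unknown.append(host)
    return affected, unknown


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 102.0.1",     # release channel, below 103
    "ws-02": "Mozilla Firefox 102.0.1esr",  # ESR 102 branch, below 102.1
    "ws-03": "Mozilla Firefox 91.12.0esr",  # ESR 91 branch, at the fix
    "ws-04": "Mozilla Firefox 103.0",       # release channel, at the fix
    "ws-05": "Mozilla Firefox 103.0b9",     # pre-release, not parsed
}
```

Hosts returned in the second list need manual review, since their version strings could not be compared against the advisory's thresholds.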
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003