|CERT-In Vulnerability Note
Multiple Vulnerabilities in Mozilla Products
Original Issue Date:August 29, 2022
Severity Rating: HIGH
- Mozilla Firefox Thunderbird versions prior to 91.13 & 102.2
- Mozilla Firefox ESR versions prior to 91.13 & 102.2
- Mozilla Firefox versions prior to 104
Multiple vulnerabilities have been reported in Mozilla products which could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.
These vulnerabilities exist in Mozilla Firefox due to abuse of XSLT error handling, cross-origin iframe referencing an XSLT document, data race in the PK11_ChangePW function that results in a use-after-free error and memory safety bugs within the browser engine. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.
Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.
- Upgrade to Mozilla Firefox Thunderbird versions 91.13 and 102.2, Firefox ESR versions 91.13 and 102.2, and Mozilla Firefox version 104
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003