AVG-2709

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 99.0.1-1
Fixed 100.0-1
Current 107.0-1 [extra]
Ticket None
Created Sat May 14 19:37:10 2022
Issue Severity Remote Type Description
CVE-2022-29918 High Yes Arbitrary code execution
Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed...
CVE-2022-29917 High Yes Arbitrary code execution
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...
CVE-2022-29916 High Yes Information disclosure
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the...
CVE-2022-29915 Low Yes Information disclosure
The Performance API did not properly hide whether a requested cross-origin resource had observed redirects.
CVE-2022-29914 High Yes Content spoofing
When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.
CVE-2022-29912 Medium Yes Insufficient validation
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.
CVE-2022-29911 High Yes Arbitrary code execution
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts...
CVE-2022-29909 High Yes Privilege escalation
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and...
References
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/