AVG-2714

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 97.0.2-1
Fixed 98.0-1
Current 133.0.3-2 [extra]
Ticket None
Created Sat May 14 21:05:23 2022
Issue Severity Remote Type Description
CVE-2022-26387 High Unknown Unknown
When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on...
CVE-2022-26385 Medium Yes Arbitrary code execution
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a...
CVE-2022-26384 High Yes Unknown
If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,...
CVE-2022-26383 High Yes Unknown
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
CVE-2022-26382 Medium Yes Information disclosure
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the...
CVE-2022-26381 High Yes Arbitrary code execution
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.
CVE-2022-0843 Medium Unknown Arbitrary code execution
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence...
References
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/