Headline
CVE-2022-46879: Security Vulnerabilities fixed in Firefox 108
Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108.
Mozilla Foundation Security Advisory 2022-51
Announced
December 13, 2022
Impact
high
Products
Firefox
Fixed in
- Firefox 108
#CVE-2022-46871: libusrsctp library out of date
Reporter
Mozilla Developers
Impact
high
Description
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited.
References
- Bug 1795697
#CVE-2022-46872: Arbitrary file read from a compromised content process
Reporter
Nika Layzell
Impact
high
Description
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.
This bug only affects Firefox for Linux. Other operating systems are unaffected.
References
- Bug 1799156
#CVE-2022-46873: Firefox did not implement the CSP directive unsafe-hashes
Reporter
Pete Freitag
Impact
moderate
Description
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document.
References
- Bug 1644790
#CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
Reporter
Matthias Zoellner
Impact
moderate
Description
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could have potentially led to user confusion and the execution of malicious code.
References
- Bug 1746139
#CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
Reporter
Dohyun Lee
Impact
moderate
Description
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user’s computer.
Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.
References
- Bug 1786188
#CVE-2022-46877: Fullscreen notification bypass
Reporter
Hafiizh
Impact
low
Description
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks.
References
- Bug 1795139
#CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
Reporter
Mozilla developers
Impact
high
Description
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and Firefox ESR 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
- Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
#CVE-2022-46879: Memory safety bugs fixed in Firefox 108
Reporter
Mozilla developers and community
Impact
high
Description
Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
- Memory safety bugs fixed in Firefox 108
Related news
Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity. One vulnerability is currently awaiting analysis. The list of impacted products are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000,
Debian Linux Security Advisory 5355-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab tr...
Red Hat Security Advisory 2023-0462-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0463-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0457-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab tr...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from ...
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0296-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin i...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-2...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin i...
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin i...
Debian Linux Security Advisory 5322-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Ubuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered ...
Ubuntu Security Notice 5782-2 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem.
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.
Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9067-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9067-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9067-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2022-46881: Mozilla: Memory...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2022-46881: Mozilla: Memory...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2022-46881: Mozilla: Memory...
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Moz...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in Web...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in Web...
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...