Firefox 102 Patches 19 Vulnerabilities, Improves Privacy
Dwelling › Vulnerabilities
Firefox 102 Patches 19 Vulnerabilities, Improves Privateness
By Ionut Arghire on June 29, 2022
Tweet
Mozilla this week introduced the provision of Firefox 102 within the steady channel with patches for 19 vulnerabilities, together with 4 high-severity bugs.
With the newest replace, Mozilla has patched CVE-2022-34470, a high-severity use-after-free difficulty in nsSHistory that was triggered when navigating between XML paperwork, and which might result in a doubtlessly exploitable crash.
Use-after-free vulnerabilities will be exploited to attain arbitrary code execution, information corruption, or denial of service, and will result in full system compromise if mixed with different flaws. Malicious web sites can exploit these bugs to flee a browser’s sandbox.
CVE-2022-34468, one other high-severity flaw addressed in Firefox 102, might permit for the bypass of a CSP sandbox header with out `allow-scripts` by utilizing a retargeted javascript: URI. Due to this difficulty, when a person clicks on a javascript: hyperlink, an iframe might run scripts with out authorization.
The brand new Firefox launch additionally resolves CVE-2022-34479, a Linux-specific difficulty that permits malicious web sites to create popup home windows that may be resized in such a way that the deal with bar can be overlayed with net content material, doubtlessly resulting in spoofing assaults.
A number of reminiscence security bugs have been assigned CVE-2022-34484, together with ones that “confirmed proof of JavaScript prototype or reminiscence corruption and we presume that with sufficient effort a few of these might have been exploited to run arbitrary code.”
Firefox 102 additionally improves person privateness by mitigating question parameter monitoring when navigating the web with Enhanced Monitoring Safety (ETP) strict mode enabled.
With ETP, Firefox confines cookies to the websites that created them, which prevents cross-site monitoring. Courtesy of the brand new functionality, Firefox can block particular monitoring parameters that web sites could also be utilizing to avoid the privateness protections that browsers have carried out.
Moreover, Firefox 102 handles audio decoding in a separate course of that options stricter sandboxing, to reinforce course of isolation.
Associated: Emergency Firefox Replace Patches Two Actively Exploited Zero-Day Vulnerabilities
Associated: New Firefox Characteristic Ups the Ante Towards Cookie-Primarily based Monitoring
Associated: Google Patches 14 Vulnerabilities With Launch of Chrome 103
Get the Every day Briefing
- Most Latest
- Most Learn
- Azure Service Material Vulnerability Can Result in Cluster Takeover
- Securing the Metaverse and Web3
- Firefox 102 Patches 19 Vulnerabilities, Improves Privateness
- CISA Requires Expedited Adoption of Fashionable Authentication Forward of Deadline
- MITRE Publishes 2022 Record of 25 Most Harmful Vulnerabilities
- CISA-Funded Undertaking Allows College students With Disabilities to Be taught Cybersecurity
- Normalyze Pronounces $22 Million for DSPM Know-how
- Google Introduces New Capabilities for Cloud Armor Net Safety Service
- CISA Says ‘PwnKit’ Linux Vulnerability Exploited in Assaults
- Cyolo Banks $60M Sequence B for ZTNA Know-how
On the lookout for Malware in All of the Improper Locations?
First Step For The Web’s subsequent 25 years: Including Safety to the DNS
Tattle Story: What Your Pc Says About You
Be in a Place to Act By Cyber Situational Consciousness
Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant
2010, A Nice 12 months To Be a Scammer.
Do not Let DNS be Your Single Level of Failure
The best way to Determine Malware in a Blink
Defining and Debating Cyber Warfare
The 5 A’s that Make Cybercrime so Engaging
The best way to Defend Towards DDoS Assaults
Safety Budgets Not in Line with Threats
Anycast – Three Causes Why Your DNS Community Ought to Use It
The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations
Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise
