Nineteen security vulnerabilities in Mozilla Firefox, four of which are high-severity, have been fixed with the release of Firefox 102, according to SecurityWeek.
Mozilla has addressed the high-severity use-after-free flaw in nsSHistory, tracked as CVE-2022-34470, which could be exploited to prompt arbitrary code execution, browser crashes, a denial-of-service condition, or data corruption. Another high-severity bug, tracked as CVE-2022-34468, which could be abused to evade a CSP sandbox header has also been resolved, as well as the Linux-specific vulnerability, tracked as CVE-2022-34479, which could be leveraged to facilitate spoofing attacks.
The new Firefox version also addresses CVE-2022-34484, which is a collection of memory safety flaws that "showed evidence of JavaScript prototype or memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
Meanwhile, user privacy improvements, including the activation of Enhanced Tracking Protection strict mode, have been applied in Firefox 102.
DevSecOps, Cloud Security
Several flaws patched in Firefox 102
Share
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Terms
AppletBannerClientCloud ComputingCommon Gateway Interface (CGI)CookieDLL InjectionDynamic Link LibraryFuzzingGreynetGet daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds