Firefox, Firefox ESR and Thunderbird are vulnerable. Attackers could, among other things, manipulate full-screen mode or even run malicious code on computers.
In its advisories, Mozilla rates the threat level of the vulnerabilities in the web browsers and the mail client mostly as “high”. After successful attacks, attackers could, for example, keep tabs permanently in full-screen mode (CVE-2022-22743, “high”). Victims are reportedly unable to exit this state.
When pasting text (CVE-2022-22742, “high”), out-of-bounds memory errors can occur. This is usually a gateway for malicious code. Playing audio can also lead to such errors (CVE-2022-22737, “high”).
Patch now!
The developers state that they have fixed the security problems in Firefox 96, Firefox ESR 91.5 and Thunderbird 91.5.