Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2022-34917 – Apache Kafka Vulnerability
September 21, 2022
Rewterz
Rewterz Threat Advisory – CVE-2022-40139 – Trend Micro Apex One Vulnerability
September 21, 2022

Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-40962 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2022-40957 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by inconsistent data in instruction and data cache when creating wasm code. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause browser to crash.

CVE-2022-40956 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when injecting an HTML base element and ignoring requests. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the Content Security Policy’s base-uri settings restrictions.

CVE-2022-40961 CVSS:6.5
Mozilla Firefox for Android is vulnerable to a denial of service, caused by a stack-based buffer overflow when initializing Graphics. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause browser to crash.

CVE-2022-40958 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when injecting a cookie with certain special characters. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass secure context restrictions to set and thus overwrite cookies from a secure context, leading to session fixation and other attacks.

CVE-2022-40959 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error during iframe navigation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass FeaturePolicy restrictions.

CVE-2022-40960 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when parsing non-UTF-8 URLs in threads. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause browser to crash.

Impact

  • Code Execution
  • Denial of Service
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2022-20846
  • CVE-2022-20849 

Affected Vendors

  • Mozilla

Affected Products

  • Mozilla Firefox ESR 102.3
  • Mozilla Firefox 104

Remediation

Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
Mozilla Firefox ESR 102.3
Mozilla Firefox 105