

Rewterz Threat Alert – IcedID banking Trojan – Active IOC
June 2, 2022
Rewterz Threat Advisory – Multiple Adobe Acrobat and Adobe Reader Vulnerabilities
June 2, 2022
Severity
Medium
Analysis Summary
CVE-2022-31743 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to correctly interpret HTML comment tags by the HTML parser. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause an incongruity with other browsers.
CVE-2022-31744 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the injection of CSS into stylesheets accessible using internal URIs. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass a page’s Content Security Policy.
CVE-2022-31745 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an incorrect assertion when array shift operations are not used. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to confuse the garbage collector about valid objects.
CVE-2022-1919 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by memory corruption when manipulating WebP images. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2022-31748 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-1834 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by an error when displaying the sender of an email. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using a Braille space character to cause the incorrect sender email to be shown for a digitally signed email.
CVE-2022-31736 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leaking of a cross-origin resource’s length. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-31737 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a heap-based buffer overflow in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2022-31738 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when exiting fullscreen mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the browser window.
CVE-2022-31739 CVSS:6.5
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-31740 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by incorrect assembly generation leading to a register allocation problem. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2022-31741 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the incorrect processing of a specially crafted CMS message. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause an invalid memory read.
CVE-2022-31742 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a timing attack. By sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Security Bypass
- Denial of Service
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-31743
- CVE-2022-31744
- CVE-2022-31745
- CVE-2022-1919
- CVE-2022-31748
- CVE-2022-1834
- CVE-2022-31736
- CVE-2022-31737
- CVE-2022-31738
- CVE-2022-31739
- CVE-2022-31740
- CVE-2022-31741
- CVE-2022-31742
Affected Products
Mozilla Firefox 100
Mozilla Firefox ESR 91.9
Mozilla Thunderbird 91.9
Remediation
Refer to Mozilla Security Advisory for patch, upgrade or suggested workaround information.
Mozilla Firefox 101
Mozilla Firefox ESR 91.10
Mozilla Thunderbird 91.10
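
To check a fleet against the releases listed under Remediation, the following added example (not part of the original advisory) compares reported versions component by component, which matters because 91.10 is newer than 91.9 but sorts lower as a string or a float. The `--version` output format, the `esr` suffix convention, the status labels and the sample hostnames are assumptions made for this sketch.

```python
import re

# Releases named under Remediation in this advisory.
FIXED = {
    "firefox": (101,),
    "firefox-esr": (91, 10),
    "thunderbird": (91, 10),
}

# Assumed format of `firefox --version` / `thunderbird --version` output.
VERSION_LINE = re.compile(
    r"(?:Mozilla )?(Firefox|Thunderbird) (\d+(?:\.\d+)*)(esr)?", re.I)

def parse_version_line(line):
    """Return (product, version_tuple) from version output, or None."""
    m = VERSION_LINE.search(line)
    if not m:
        return None
    name, version, esr = m.group(1).lower(), m.group(2), m.group(3)
    product = "firefox-esr" if name == "firefox" and esr else name
    return product, tuple(int(p) for p in version.split("."))

def is_patched(product, version):
    """Numeric compare per component; float('91.10') < 91.9 would be wrong."""
    fixed = FIXED[product]
    width = max(len(fixed), len(version))
    pad = lambda v: v + (0,) * (width - len(v))  # so 101 == 101.0.0
    return pad(version) >= pad(fixed)

def audit(inventory):
    """Map host -> 'patched', 'needs-update' or 'unknown'."""
    result = {}
    for host, line in inventory:
        parsed = parse_version_line(line)
        result[host] = "unknown" if parsed is None else (
            "patched" if is_patched(*parsed) else "needs-update")
    return result

# Constructed sample inventory (hostnames and rows are made up).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 100.0.2"),
    ("ws-02", "Mozilla Firefox 101.0"),
    ("ws-03", "Mozilla Firefox 91.9.1esr"),
    ("ws-04", "Mozilla Firefox 91.10.0esr"),
    ("ws-05", "Mozilla Thunderbird 91.9.0"),
    ("ws-06", "Mozilla Thunderbird 91.10.0"),
    ("ws-07", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned output the parser did not recognise and should be checked by hand rather than assumed patched.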