Rewterz
July 28, 2022

Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-2505 CVSS:8.8
Memory safety bugs in the browser engine, fixed in Firefox 103 and Firefox ESR 102.1. A remote attacker who persuades a victim to visit a specially crafted website could use them, through unspecified attack vectors, to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2022-36320 CVSS:8.8
Memory safety bugs in the browser engine, fixed in Firefox 103 (the release branch). As with CVE-2022-2505, a remote attacker who persuades a victim to visit a specially crafted website could use them, through unspecified attack vectors, to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2022-36316 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error in the Performance API. By persuading a victim to visit a specially crafted website, a remote attacker could observe subtle differences between the PerformanceEntry objects recorded for a cross-site resource and thereby learn whether the target URL had been redirected.

CVE-2022-36315 CVSS:5.7
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when loading a script with Subresource Integrity (SRI). An attacker able to inject content into a page the victim visits could trigger the reuse of previously cached entries whose integrity metadata differed from that of the new request, so the SRI check on that request was not enforced as intended.
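The cache-reuse failure described for CVE-2022-36315 is easiest to see in a small model. The following is an added example, not Firefox code or Mozilla test data: a toy script cache that reuses an entry on URL match alone, beside one that re-checks the cached body against the integrity metadata of each request. The URL, the two script bodies and the `fetch` stand-in are constructed for the demonstration, and `sri_matches` implements the SRI matching rule (only hashes of the strongest listed algorithm count).

```python
import base64
import hashlib

# Constructed sample data for the demonstration (hypothetical URL and scripts).
SCRIPT_URL = "https://cdn.example/app.js"
SCRIPT_V1 = b"window.telemetry = function () { return 1; };\n"  # what the page expects
SCRIPT_V2 = b"window.telemetry = function () { return 2; };\n"  # what the origin now serves

_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def integrity_for(body: bytes, alg: str = "sha384") -> str:
    """Build an SRI integrity value, e.g. 'sha384-<base64 digest>', for a body."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(body: bytes, integrity: str) -> bool:
    """Return True if `body` satisfies the integrity attribute.

    Per the SRI spec only hashes of the strongest listed algorithm are compared;
    unknown algorithms are ignored, and no usable hash means no constraint.
    """
    hashes = []
    for token in integrity.split():
        alg, _, rest = token.partition("-")
        if alg in _STRENGTH:
            hashes.append((alg, rest.split("?", 1)[0]))  # drop any ?options suffix
    if not hashes:
        return True
    strongest = max(_STRENGTH[alg] for alg, _ in hashes)
    for alg, expected in hashes:
        if _STRENGTH[alg] != strongest:
            continue
        actual = base64.b64encode(hashlib.new(alg, body).digest()).decode("ascii")
        if actual == expected:
            return True
    return False


class UrlKeyedCache:
    """Flawed model: an entry is reused whenever the URL matches, without
    re-checking it against the integrity metadata of the new request."""

    def __init__(self):
        self.entries = {}

    def load(self, url, integrity, fetch):
        if url in self.entries:
            return self.entries[url]          # integrity of this request never consulted
        body = fetch(url)
        if not sri_matches(body, integrity):
            raise ValueError("SRI mismatch")
        self.entries[url] = body
        return body


class IntegrityCheckedCache(UrlKeyedCache):
    """Corrected model: a cached body is reused only if it also satisfies the
    integrity metadata of the request about to consume it."""

    def load(self, url, integrity, fetch):
        cached = self.entries.get(url)
        if cached is not None and sri_matches(cached, integrity):
            return cached
        body = fetch(url)
        if not sri_matches(body, integrity):
            raise ValueError("SRI mismatch")
        self.entries[url] = body
        return body


def scenario(cache_cls):
    """An injected load primes the cache with a hash matching what the origin
    serves; the page's legitimate load then asks for the v1 hash it expects."""

    def fetch(url):
        return SCRIPT_V2  # the origin currently serves v2

    cache = cache_cls()
    cache.load(SCRIPT_URL, integrity_for(SCRIPT_V2), fetch)
    try:
        body = cache.load(SCRIPT_URL, integrity_for(SCRIPT_V1), fetch)
    except ValueError:
        return "blocked", None
    return "executed", body
```

With `UrlKeyedCache` the second load returns the v2 body even though the page asked for the v1 hash, which is the bypass; with `IntegrityCheckedCache` the stale entry fails the check, the body is refetched, and the mismatch is refused.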

CVE-2022-36314 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when opening a Windows shortcut (.lnk) file from the local filesystem. By persuading a victim to open a specially crafted shortcut, a remote attacker could supply a remote path that would lead to unexpected network requests from the operating system.

CVE-2022-36318 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a race condition during the initialization of a new content process. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to disclose heap addresses from the parent process, information that weakens address-space layout randomization for a follow-on memory corruption attack.

CVE-2022-36317 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by an error during session restore. By persuading a victim to visit a specially crafted website with an overly long URL, a remote attacker could cause the browser's user interface to hang when the session is restored.

CVE-2022-36319 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error in how the CSS overflow and transform properties combine. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to spoof the mouse position, misleading the user about which element a click will land on.

Impact

  • Code Execution
  • Information Disclosure
  • Security Bypass
  • Denial of Service
  • Unauthorized Access

Indicators Of Compromise

CVE

  • CVE-2022-2505
  • CVE-2022-36320
  • CVE-2022-36316
  • CVE-2022-36315
  • CVE-2022-36314
  • CVE-2022-36318
  • CVE-2022-36317
  • CVE-2022-36319

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox 102 (all releases prior to 103)
  • Mozilla Firefox ESR 102 (releases prior to 102.1)
  • Mozilla Firefox ESR 91.11 (releases prior to 91.12)

Remediation

Refer to the Mozilla Firefox Security Advisories for patch, upgrade or suggested workaround information. The fixes ship in the following releases; upgrade to the one matching the installed branch:

  • Mozilla Firefox 103
  • Mozilla Firefox ESR 91.12
  • Mozilla Firefox ESR 102.1
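To confirm a fleet is actually on one of those fixed releases, the three minimum versions can be checked against `firefox --version` output per branch. The following is an added example, not from Rewterz or Mozilla; it assumes the banner format `Mozilla Firefox <major>.<minor>[.<patch>][esr]` that `firefox --version` prints on Linux and macOS (ESR builds carry the `esr` suffix), and the inventory of hostnames and banners is constructed sample data.

```python
import re

# Minimum fixed versions from the Mozilla releases this advisory points to.
FIXED_RELEASE = (103, 0, 0)
FIXED_ESR = {91: (91, 12, 0), 102: (102, 1, 0)}

# 'firefox --version' prints e.g. 'Mozilla Firefox 102.0.1' or
# 'Mozilla Firefox 91.11.0esr'; the patch component may be absent.
_BANNER_RE = re.compile(r"Mozilla Firefox (\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_firefox_version(banner):
    """Return (major, minor, patch, is_esr) from a --version banner, or None."""
    match = _BANNER_RE.search(banner)
    if not match:
        return None
    major, minor, patch, esr = match.groups()
    return int(major), int(minor), int(patch or 0), esr is not None


def is_patched(banner):
    """True if the banner describes a build at or above the fixed version for its branch."""
    parsed = parse_firefox_version(banner)
    if parsed is None:
        raise ValueError(f"unrecognised Firefox version banner: {banner!r}")
    major, minor, patch, is_esr = parsed
    version = (major, minor, patch)
    if not is_esr:
        return version >= FIXED_RELEASE
    fixed = FIXED_ESR.get(major)
    if fixed is not None:
        return version >= fixed
    # ESR branches outside the two covered here: a later branch ships the fixes,
    # an earlier one (e.g. 78esr) is end-of-life and never received them.
    return major > 102


def unpatched_hosts(inventory):
    """Return the hostnames whose Firefox banner is below the fixed version."""
    return sorted(host for host, banner in inventory.items() if not is_patched(banner))


# Constructed sample inventory (hypothetical hosts and banners).
INVENTORY = {
    "ws-01": "Mozilla Firefox 102.0.1",
    "ws-02": "Mozilla Firefox 103.0",
    "ws-03": "Mozilla Firefox 91.11.0esr",
    "ws-04": "Mozilla Firefox 91.12.0esr",
    "ws-05": "Mozilla Firefox 102.0esr",
    "ws-06": "Mozilla Firefox 102.1.0esr",
}

if __name__ == "__main__":
    for host in unpatched_hosts(INVENTORY):
        print(f"{host}: {INVENTORY[host]} needs upgrading")
```

The branch distinction matters: a plain numeric comparison against 103 would wrongly flag ESR 102.1 and ESR 91.12 as vulnerable, while treating every 102.x build as fixed would miss the release-branch 102.0.1 hosts.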