Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-34482 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to drag and drop an image to a filesystem, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.

CVE-2022-34483 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to drag and drop an image to a filesystem, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.

CVE-2022-34481 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the nsTArray_Impl::ReplaceElementsAt() function. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.

CVE-2022-2200 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by setting an undesired attribute as part of prototype pollution. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.

CVE-2022-34484 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2022-34485 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Code Execution
  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2022-34482
  • CVE-2022-34483
  • CVE-2022-34481
  • CVE-2022-2200
  • CVE-2022-34484
  • CVE-2022-34485

Affected Vendors

  • Mozilla

Affected Products

  • Mozilla Firefox 101
  • Mozilla Firefox ESR 91.10
  • Mozilla Thunderbird 101
  • Mozilla Thunderbird 91.10

Remediation

Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.

  • Mozilla Firefox 102
  • Mozilla Firefox ESR 91.11
  • Mozilla Thunderbird 102 and Thunderbird 91.11
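
To triage an asset inventory against the versions listed under Remediation, the following check can be used. It is an added example, not part of the original advisory or any Mozilla tooling. It assumes the version-string format shown in the constructed sample data, and that any build below the listed release on its branch (including older branches) still needs the update.

```python
import re

# Releases named under Remediation in the advisory.
FIXED_RELEASE = (102, 0)  # Firefox 102, Thunderbird 102
FIXED_91 = (91, 11)       # Firefox ESR 91.11, Thunderbird 91.11

# Assumed inventory format, e.g. "Mozilla Firefox 91.10.0esr" or "Thunderbird 91.11.0".
VERSION_RE = re.compile(
    r"(?:Mozilla\s+)?(?P<product>Firefox|Thunderbird)\s+(?P<esr_word>ESR\s+)?"
    r"(?P<major>\d+)(?:\.(?P<minor>\d+))?(?:\.\d+)*(?P<esr>esr)?",
    re.IGNORECASE,
)

def classify(line):
    """Return 'update', 'ok' or 'unknown' for one inventory version string."""
    m = VERSION_RE.fullmatch(line.strip())
    if not m:
        return "unknown"  # betas, other products, garbage: send to manual review
    product = m["product"].lower()
    version = (int(m["major"]), int(m["minor"] or 0))
    is_esr = bool(m["esr_word"] or m["esr"])
    # The 91.x line is the ESR branch for Firefox and the 91 series for Thunderbird.
    on_91_branch = version[0] == 91 and (is_esr or product == "thunderbird")
    floor = FIXED_91 if on_91_branch else FIXED_RELEASE
    # Assumption: anything below the floor, older branches included, needs the update.
    return "ok" if version >= floor else "update"

def audit(inventory):
    """Group host names by classification result."""
    report = {"update": [], "ok": [], "unknown": []}
    for host, line in sorted(inventory.items()):
        report[classify(line)].append(host)
    return report

# Constructed sample inventory (host name -> reported version string).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 101.0.1",
    "ws-02": "Mozilla Firefox 102.0",
    "ws-03": "Mozilla Firefox 91.10.0esr",
    "ws-04": "Thunderbird 91.11.0",
    "ws-05": "Mozilla Firefox 102.0b3",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` did not match the assumed format and should be checked by hand rather than treated as patched.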