Firefox Fixed Many High Rated Security Vulnerability in version 107

High Impact vulnerability include information discloser, Fullscreen notification bypass,ServiceWorker-intercepted requests bypassed SameSite cookie policy, crash and spoofing attack.
Firefox fix the following cve


CVE-2022-45403: Service Workers might have learned size of cross-origin media files
CVE-2022-45404: Fullscreen notification bypass
CVE-2022-45405: Use-after-free in InputStream implementation
CVE-2022-45406: Use-after-free of a JavaScript Realm
CVE-2022-45407: Loading fonts on workers was not thread-safe
CVE-2022-45408: Fullscreen notification bypass via windowName
CVE-2022-45409: Use-after-free in Garbage Collection
CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via intent URLs
CVE-2022-40674: Use-after-free vulnerability in expat
CVE-2022-45415: Downloaded file may have been saved with malicious extension
CVE-2022-45416: Keystroke Side-Channel Leakage
CVE-2022-45417: Service Workers in Private Browsing Mode may have been written to disk
CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
CVE-2022-45419: Deleting a security exception did not take effect immediately
CVE-2022-45420: Iframe contents could be rendered outside the iframe
CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

By at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Iranian Cyber Threats Intensify Against U.S. Defense and OT Networks, Warn Federal Agencies

U.S. Agencies Warn of Escalating Iranian Cyber Threats to Defense and Critical Infrastructure Multiple U.S. cybersecurity and intelligence a...