[Security News]Mozilla releases latest browser “Firefox 102” –Fixed 19 vulnerabilities (1st page / 1 page in total): Security NEXT

The Mozilla Foundation has released the latest browser, Firefox 102. It solves multiple vulnerabilities.

This update addresses a total of 19 vulnerabilities based on CVE, although the impact varies depending on the platform used. It does not include the “Critical” vulnerabilities that are considered to be the most important of the four levels.

There are 4 vulnerabilities that are considered to be “High”, which is the second most important. Specifically, the “Use After Free” vulnerability “CVE-2022-34470” that uses the memory after release and the CSP sandbox bypass “CVE-2022-34468” have been fixed.

In addition, the memory vulnerability “CVE-2022-34484” and “CVE-2022-34479” that may be displayed in the address bar with pop-ups in the Linux version have been resolved.

In addition to fixing 11 vulnerabilities that are considered to be “Moderate”, which is one level less important, it also supports 4 cases that are considered to be “Low”. In addition, the extended support version “Firefox ESR 91.11” that addresses 9 vulnerabilities has also been released.

The vulnerabilities fixed in “Firefox 102” are as follows.

CVE-2022-2200
CVE-2022-34468
CVE-2022-34469
CVE-2022-34470
CVE-2022-34471
CVE-2022-34472
CVE-2022-34473
CVE-2022-34474
CVE-2022-34475
CVE-2022-34476
CVE-2022-34477
CVE-2022-34478
CVE-2022-34479
CVE-2022-34480
CVE-2022-34481
CVE-2022-34482
CVE-2022-34483
CVE-2022-34484
CVE-2022-34485

（Security NEXT – 2022/06/29 ）

Tweet

PR

Related article

Personal information of another person on the back of the handouts of the nursery center user, erroneous operation after interrupt printing –Funabashi City
Blind SQLi attack on inquiry system, possibility of email address leakage –Nagoya University
Letter of appreciation to researchers and practitioners who have contributed to security measures –JPCERT / CC
Letter of appreciation to 8 security experts and PSIRT-JPCERT / CC
About 700,000 personal information may be leaked by Disk Union-password etc.
Misdistribution of student test result list in junior high school –Kashiwa City
Mis-sending member’s personal information to another person in a marriage support project-Kagawa Prefecture
Unauthorized access to Yano Research Institute-Account information leaked due to SQLi attack
Ransom damage to employment support companies for persons with disabilities-Is the “Phobos” variant involved?
“Cyber ​​Defense Symposium Atami 2022” will be held in August-Cyber ​​warfare seen from the Russian crow war