Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program. Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating.

The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-screen notification on Windows machines. Next in line is CVE-2022-22743, another fullscreen spoof, this time affecting the browser window. The bug could allow an attacker-controlled tab to prevent the browser from leaving fullscreen mode when the user navigates from inside an iframe.

Both security defects were discovered by Irvan Kurniawan, who also found that it was possible to prevent a popup window from leaving fullscreen mode when resizing the popup while requesting fullscreen access (CVE-2022-22741). Kurniawan also reported an out-of-bounds memory access leading to a potentially exploitable crash (CVE-2022-22742).

Other high-risk issues patched in Firefox 96 include two use-after-free flaws (CVE-2022-22740 and CVE-2022-22737), a heap-buffer overflow (CVE-2022-22738), and an iframe sandbox bypass using XSLT (CVE-2021-4140), according to a Mozilla advisory.