DevSecOps, Cloud Security

Several flaws patched in Firefox 102

Nineteen security vulnerabilities in Mozilla Firefox, four of which are high-severity, have been fixed with the release of Firefox 102, according to SecurityWeek. Mozilla has addressed the high-severity use-after-free flaw in nsSHistory, tracked as CVE-2022-34470, which could be exploited to prompt arbitrary code execution, browser crashes, a denial-of-service condition, or data corruption. Another high-severity bug, tracked as CVE-2022-34468, which could be abused to evade a CSP sandbox header has also been resolved, as well as the Linux-specific vulnerability, tracked as CVE-2022-34479, which could be leveraged to facilitate spoofing attacks. The new Firefox version also addresses CVE-2022-34484, which is a collection of memory safety flaws that "showed evidence of JavaScript prototype or memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code." Meanwhile, user privacy improvements, including the activation of Enhanced Tracking Protection strict mode, have been applied in Firefox 102.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.