RHSA-2022:5479 | High | CVSS 9.8
Red Hat Security Advisory: firefox security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2022-2200 — Mozilla: Undesired attributes could be set as part of prototype pollution
CVE-2022-31744 — Mozilla: CSP bypass enabling stylesheet injection
CVE-2022-34468 — Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI
CVE-2022-34470 — Mozilla: Use-after-free in nsSHistory
CVE-2022-34472 — Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
CVE-2022-34479 — Mozilla: A popup window could be resized in a way to overlay the address bar with web content
CVE-2022-34481 — Mozilla: Potential integer overflow in ReplaceElementsAt
CVE-2022-34484 — Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
🔗 References (11)
- self: https://access.redhat.com/errata/RHSA-2022:5479
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102161
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102162
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102163
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102164
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102165
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102166
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102168
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2102169
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5479.json