Test ID: 1.3.6.1.4.1.25623.1.0.821161
Category: General
Title: Mozilla Firefox Security Advisory (MFSA2022-13) - Windows
Summary: Mozilla Firefox is prone to multiple vulnerabilities.
Description:
Summary:
Mozilla Firefox is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Use-after-free in NSSToken objects.

- Out of bounds write due to unexpected WebAuthN Extensions.

- Use-after-free in DocumentL10n::TranslateDocument.

- Missing security checks for fetching sourceMapURL.

- Script could be executed via the SVG use element.

- Incorrect AliasSet used in JIT Codegen.

- iframe contents could be rendered outside the border.

- Text Selection could crash Firefox.

- Denial of Service via complex regular expressions.

- Memory safety bugs.

Vulnerability Impact:
Successful exploitation will allow attackers to run arbitrary code, bypass
security restrictions, conduct spoofing and cause a denial of service on an
affected system.

Affected Software/OS:
Mozilla Firefox versions before 99 on Windows.

Solution:
Upgrade to Mozilla Firefox version 99 or later. Please see the references for
more information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2022-1097
https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
https://www.mozilla.org/security/advisories/mfsa2022-13/
https://www.mozilla.org/security/advisories/mfsa2022-14/
https://www.mozilla.org/security/advisories/mfsa2022-15/
Common Vulnerability Exposure (CVE) ID: CVE-2022-28281
https://bugzilla.mozilla.org/show_bug.cgi?id=1755621
Common Vulnerability Exposure (CVE) ID: CVE-2022-28282
https://bugzilla.mozilla.org/show_bug.cgi?id=1751609
Common Vulnerability Exposure (CVE) ID: CVE-2022-28283
https://bugzilla.mozilla.org/show_bug.cgi?id=1754066
Common Vulnerability Exposure (CVE) ID: CVE-2022-28284
https://bugzilla.mozilla.org/show_bug.cgi?id=1754522
Common Vulnerability Exposure (CVE) ID: CVE-2022-28285
https://bugzilla.mozilla.org/show_bug.cgi?id=1756957
Common Vulnerability Exposure (CVE) ID: CVE-2022-28286
https://bugzilla.mozilla.org/show_bug.cgi?id=1735265
Common Vulnerability Exposure (CVE) ID: CVE-2022-28287
https://bugzilla.mozilla.org/show_bug.cgi?id=1741515
Common Vulnerability Exposure (CVE) ID: CVE-2022-24713
https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8
Debian Security Information: DSA-5113
https://www.debian.org/security/2022/dsa-5113
Debian Security Information: DSA-5118
https://www.debian.org/security/2022/dsa-5118
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/
https://security.gentoo.org/glsa/202208-08
https://security.gentoo.org/glsa/202208-14
https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e
https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw
https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-28289
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776
Common Vulnerability Exposure (CVE) ID: CVE-2022-28288
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746415%2C1746495%2C1746500%2C1747282%2C1748759%2C1749056%2C1749786%2C1751679%2C1752120%2C1756010%2C1756017%2C1757213%2C1757258%2C1757427
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.