© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Firefox and Thunderbird flaws allowed system takeover


Mozilla released updates addressing several vulnerabilities impacting Thunderbird, Firefox ESR, and Firefox. If exploited, the flaws could have allowed arbitrary code execution.

Mozilla’s latest batch of updates addressed several high-impact vulnerabilities that affect the Firefox browser, its enterprise version Firefox ESR and the email application Thunderbird.

US Cybersecurity and Infrastructure Security Agency (CISA) encouraged users and admins to take note of Mozilla’s updates and upgrade their systems.

“An attacker could exploit these vulnerabilities to take control of an affected system,” CISA’s advisory said.

Mozilla released three advisories of its own, addressing the issues with Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108.

One of the high-impact vulnerabilities, tracked as CVE-2022-46878, affects all three of Mozilla’s products. According to the company’s advisory, the bug showed evidence of memory corruption.

“We presume that with enough effort, some of these could have been exploited to run arbitrary code,” Mozilla’s advisory read.

Another high-impact flaw affecting all three company’s products, CVE-2022-46872, could allow an attacker who compromised a content process to read arbitrary files.

However, Mozilla noted that the specific bug only affects its products for Linux operating system. Other high-impact bugs mentioned in the advisory would enable attackers to exploit product crashes.


More from Cybernews:

3.5m IP cameras exposed, with US in the lead

India’s foreign ministry leaks expat passport details

California says it is responding to Lockbit’s attack on Department of Finance

Apple fixed actively exploited zero-day bug impacting iPhones

Seven accused of smuggling military tech from US to Russia

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked