Mozilla released updates addressing several vulnerabilities impacting Thunderbird, Firefox ESR, and Firefox. If exploited, the flaws could have allowed arbitrary code execution.
Mozilla’s latest batch of updates addressed several high-impact vulnerabilities that affect the Firefox browser, its enterprise version Firefox ESR and the email application Thunderbird.
The US Cybersecurity and Infrastructure Security Agency (CISA) encouraged users and admins to take note of Mozilla’s updates and upgrade their systems.
“An attacker could exploit these vulnerabilities to take control of an affected system,” CISA’s advisory said.
One of the high-impact vulnerabilities, tracked as CVE-2022-46878, affects all three of Mozilla’s products. According to the company’s advisory, the bug showed evidence of memory corruption.
“We presume that with enough effort, some of these could have been exploited to run arbitrary code,” Mozilla’s advisory read.
Another high-impact flaw affecting all three of the company’s products, CVE-2022-46872, could allow an attacker who compromised a content process to read arbitrary files.
However, Mozilla noted that this specific bug only affects its products on the Linux operating system. Other high-impact bugs mentioned in the advisory would enable attackers to exploit product crashes.