Severity
Medium
Analysis Summary
CVE-2022-2505 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-36320 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-36316 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error when using the Performance API. By persuading a victim to visit a specially-crafted Web site, a remote attacker could notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect.
CVE-2022-36315 CVSS:5.7
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when loading a script with Subresource Integrity. By persuading a victim to visit a specially-crafted Web site, a remote attacker with injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.
CVE-2022-36314 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when opening a Windows shortcut from the local filesystem. By persuading a victim to visit a specially-crafted Web site, a remote attacker could supply a remote path that would lead to unexpected network requests from the operating system.
CVE-2022-36318 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a race condition during the initialization of a new content process. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to disclose heap addresses from the parent process.
CVE-2022-36317 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by an error during a session restore. By persuading a victim to visit a specially-crafted Web site with an overly long URL, a remote attacker could exploit this vulnerability to cause the user interface to hang.
CVE-2022-36319 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when combining CSS properties for overflow and transform. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the mouse position.
Impact
- Code Execution
- Information Disclosure
- Security Bypass
- Denial of Service
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-2505
- CVE-2022-36320
- CVE-2022-36316
- CVE-2022-36315
- CVE-2022-36314
- CVE-2022-36318
- CVE-2022-36317
- CVE-2022-36319
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 102
- Mozilla Firefox ESR 102
- Mozilla Firefox ESR 91.11
Remediation
Refer to Mozilla Firefox Security Advisory for patch, upgrade or suggested workaround information.
- Mozilla Firefox 103
- Mozilla Firefox ESR 91.12
- Mozilla Firefox ESR 102.1
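To check an inventory against the fixed versions listed above, the following added example (not Rewterz or Mozilla code) classifies each host's Firefox build. It assumes ESR builds carry an `esr` suffix in the reported version string and treats any build older than the fixed version for its channel as needing an update; host names and sample versions are constructed.

```python
import re

# Fixed versions from this advisory's Remediation section.
FIXED_RELEASE = (103, 0)                   # Firefox 103
FIXED_ESR = {91: (91, 12), 102: (102, 1)}  # ESR 91.12, ESR 102.1

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), is_esr); raise ValueError if unparseable."""
    tokens = text.split()  # tolerates a "Mozilla Firefox " prefix
    match = _VERSION_RE.match(tokens[-1]) if tokens else None
    if match is None:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    numbers = tuple(int(part or 0) for part in match.groups()[:3])
    return numbers, match.group(4) is not None

def needs_update(text):
    """True when the build is older than the fixed version for its channel."""
    numbers, is_esr = parse_version(text)
    if not is_esr:
        return numbers[:2] < FIXED_RELEASE
    floor = FIXED_ESR.get(numbers[0])
    if floor is not None:
        return numbers[:2] < floor
    # Assumption: an ESR branch the advisory does not name is unpatched if older than 102.
    return numbers[0] < 102

def audit(inventory):
    """Map each host to 'update', 'ok' or 'unknown' (version could not be parsed)."""
    report = {}
    for host, version in inventory:
        try:
            report[host] = "update" if needs_update(version) else "ok"
        except ValueError:
            report[host] = "unknown"  # e.g. beta builds: review by hand
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "Mozilla Firefox 102.0.1"), ("ws-002", "Mozilla Firefox 103.0"),
    ("ws-003", "91.11.0esr"), ("ws-004", "91.12.0esr"),
    ("ws-005", "102.0esr"), ("ws-006", "102.1.0esr"), ("ws-007", "103.0b9"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```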