Rewterz Threat Advisory – CVE-2022-34917 – Apache Kafka Vulnerability
September 21, 2022Rewterz Threat Advisory – CVE-2022-40139 – Trend Micro Apex One Vulnerability
September 21, 2022Rewterz Threat Advisory – CVE-2022-34917 – Apache Kafka Vulnerability
September 21, 2022Rewterz Threat Advisory – CVE-2022-40139 – Trend Micro Apex One Vulnerability
September 21, 2022Severity
High
Analysis Summary
CVE-2022-40962 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-40957 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by inconsistent data in instruction and data cache when creating wasm code. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause browser to crash.
CVE-2022-40956 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when injecting an HTML base element and ignoring requests. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the Content Security Policy’s base-uri settings restrictions.
CVE-2022-40961 CVSS:6.5
Mozilla Firefox for Android is vulnerable to a denial of service, caused by a stack-based buffer overflow when initializing Graphics. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause browser to crash.
CVE-2022-40958 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when injecting a cookie with certain special characters. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass secure context restrictions to set and thus overwrite cookies from a secure context, leading to session fixation and other attacks.
CVE-2022-40959 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error during iframe navigation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass FeaturePolicy restrictions.
CVE-2022-40960 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when parsing non-UTF-8 URLs in threads. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause browser to crash.
Impact
- Code Execution
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-20846
- CVE-2022-20849
Affected Vendors
- Mozilla
Affected Products
- Mozilla Firefox ESR 102.3
- Mozilla Firefox 104
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
Mozilla Firefox ESR 102.3
Mozilla Firefox 105