June 29, 2022
Severity
High
Analysis Summary
CVE-2022-34482 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to drag and drop an image to a filesystem, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.
CVE-2022-34483 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to drag and drop an image to a filesystem, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.
CVE-2022-34481 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the nsTArray_Impl::ReplaceElementsAt() function. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.
CVE-2022-2200 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by setting an undesired attribute as part of prototype pollution. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.
CVE-2022-34484 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-34485 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Code Execution
- Gain Access
Indicators Of Compromise
CVE
- CVE-2022-34482
- CVE-2022-34483
- CVE-2022-34481
- CVE-2022-2200
- CVE-2022-34484
- CVE-2022-34485
Affected Vendors
- Mozilla
Affected Products
- Mozilla Firefox 101
- Mozilla Firefox ESR 91.10
- Mozilla Thunderbird 101
- Mozilla Thunderbird 91.10
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
- Mozilla Firefox 102
- Mozilla Firefox ESR 91.11
- Mozilla Thunderbird 102 and Thunderbird 91.11
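
To check a fleet against the versions listed under Remediation, the following added example (not from Rewterz or Mozilla) classifies collected version strings. It assumes the strings have the form printed by `firefox --version` or `thunderbird --version`, that any version below the listed release on its branch still needs the update, and it uses a constructed inventory with hypothetical host names.

```python
import re

# Releases from this page's Remediation list, as (major, minor).
# The 91.x branch is fixed in 91.11; every other branch needs 102 or later.
FIXED_91_BRANCH = (91, 11)
FIXED_RELEASE = (102, 0)

# Assumed input shape: the line printed by `firefox --version` or
# `thunderbird --version`, e.g. "Mozilla Firefox 91.10.0esr".
VERSION_RE = re.compile(
    r"^\s*(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+)(?:\.(\d+))?(?:\.\d+)*(esr)?\s*$",
    re.IGNORECASE,
)

def parse_version(line):
    """Return (product, major, minor) or raise ValueError."""
    match = VERSION_RE.match(line)
    if match is None:
        raise ValueError(f"unrecognised version string: {line!r}")
    return match.group(1).lower(), int(match.group(2)), int(match.group(3) or 0)

def has_fix(line):
    """True if the version is at or above the listed release for its branch."""
    _, major, minor = parse_version(line)
    fixed = FIXED_91_BRANCH if major == 91 else FIXED_RELEASE
    # Compare as integer tuples: as strings, "91.9" would sort above "91.11".
    return (major, minor) >= fixed

def audit(inventory):
    """Split {host: version line} into hosts needing the update and unparsed hosts."""
    needs_update, unparsed = [], []
    for host, line in sorted(inventory.items()):
        try:
            if not has_fix(line):
                needs_update.append(host)
        except ValueError:
            unparsed.append(host)  # e.g. beta builds; review by hand
    return needs_update, unparsed

# Constructed inventory for illustration; host names are hypothetical.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 101.0.1",
    "ws-02": "Mozilla Firefox 102.0",
    "ws-03": "Mozilla Firefox 91.10.0esr",
    "ws-04": "Mozilla Firefox 91.11.0esr",
    "ws-05": "Thunderbird 91.9.1",
    "ws-06": "Mozilla Firefox 102.0b9",
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```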