Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385) A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature. (CVE-2022-26387)
Continue reading...
Continue reading...
