Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.
Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating.
The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-screen notification on Windows machines.
Next in line is CVE-2022-22743, another fullscreen spoof, this time affecting the browser window. The bug could allow an attacker-controlled tab to prevent the browser from leaving fullscreen mode when the user navigates from inside an iframe.
Both security defects were discovered by Irvan Kurniawan, who also found that it was possible to prevent a popup window from leaving fullscreen mode when resizing the popup while requesting fullscreen access (CVE-2022-22741).
[ READ: Microsoft Calls Attention to ‘Wormable’ Windows Flaw ]
Kurniawan also reported an out-of-bounds memory access leading to a potentially exploitable crash (CVE-2022-22742).
Other high-risk issues patched in Firefox 96 include two use-after-free flaws (CVE-2022-22740 and CVE-2022-22737), a heap-buffer overflow (CVE-2022-22738), and an iframe sandbox bypass using XSLT (CVE-2021-4140), according to a Mozilla advisory.
The medium severity bugs in the browser refersh also include a sandbox escape when passing resource handles across processes in Firefox for Windows and macOS, lack of URL restrictions when scanning QR codes in Firefox for Android, spoofed origin on external protocol launch dialog, leak of cross-origin URLs via securitypolicyviolation events, and command injection in the “Copy as curl” feature in DevTools.
The open-source group also addressed a series of memory safety bugs affecting both Firefox 96, Firefox ESR 91.5, and Thunderbird 91.5 (CVE-2022-22751), along with medium severity memory safety bugs in Firefox 96 (CVE-2022-22752).
Related: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Related: Mozilla Patches High-Severity Flaws in Firefox, Thunderbird
Related: Firefox 95 Rolls Out With New ‘RLBox’ Isolation Feature