The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 97, as well as a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-04, Firefox 97 addressed the following four High severity vulnerabilities:
- CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service
- CVE-2022-22754: Extensions could have bypassed permission confirmation during update
- CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
- CVE-2022-0511: Memory safety bugs fixed in Firefox 97.
The memory safety bugs could allow an attacker to exploit and then run arbitrary code. To add, seven other Moderate and one Low severity vulnerabilities were also patched.
Finally, Mozilla also released Firefox ESR 91.6.