The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 98, as well as a number of other bug fixes.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-10, Firefox 98 addressed the following four High severity vulnerabilities:
- CVE-2022-26383: Browser window spoof using fullscreen mode
- CVE-2022-26384: iframe allow-scripts sandbox bypass
- CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
- CVE-2022-26381: Use-after-free in text reflows.
To add, three other Moderate vulnerabilities were also patched.
Finally, Mozilla also released Firefox ESR 91.7.