This week, Mozilla announced the release of Firefox 102 in the stable channel, which fixes 19 vulnerabilities, including four high-severity flaws. Among them is CVE-2022-34470, a high-severity use-after-free flaw in nsSHistory that occurred when switching between XML documents and might result in a potentially exploitable crash.
Use-after-free flaws can be used to execute arbitrary code, corrupt data, or cause a denial of service; when combined with other bugs, they can compromise the entire system. Malicious websites can use these flaws to get beyond a browser's sandbox.
The latest version of Firefox also fixes the Linux-specific bug CVE-2022-34479, which allowed malicious websites to create popup windows that could be resized so that web content covered the address bar, possibly opening the door to spoofing attacks.