Mozilla has released updates that fix several vulnerabilities in Thunderbird, Firefox ESR and Firefox. CISA urged users and administrators to pay attention to this patch, as attackers can use unpatched security holes to execute arbitrary code.
Mozilla has released three reports addressing vulnerabilities in Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108. One of the most dangerous flaws, tracked as CVE-2022-46878, affects all three of the company's products. It is a memory corruption that can lead to arbitrary code execution.
Another major vulnerability affecting all three Mozilla products has been identified as CVE-2022-46872. It allows a hacker with access to a page-processing to bypass Linux's sandbox isolation and read the contents of arbitrary files by manipulating IPC messages associated with the clipboard.