Security Alerts

Your review has been sent successfully
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Red Hat Warning

146

Warning Date: 12 January, 2022

Severity Level ● High

Warning Number: 2022-4195

Target Sector: All

Description:

Red Hat has released security updates to address several vulnerabilities in the following products, the mose ones:

  • Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)
  • Mozilla: Race condition when playing audio files (CVE-2022-22737)
  • Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
  • Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
  • Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741)
  • Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
  • Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743)
  • Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
  • Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)
  • Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)
  • Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)
  • Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)
  • Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64
Threats:

An attacker could exploit these vulnerabilities by executing arbitrary code.

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

Last updated at 12 January, 2022

Rate the content

rate-icon
up icon