Security News > 2022 > April > Firefox 99 is out – no major bugs, but update anyway!
The once-every-four-weeks security update to Mozilla's Firefox browser officially arrived today.
The regular version of Firefox is now 99.0, while the Extended Support Release, which gets security fixes without any feature updates, is now 91.8.0 ESR. Add together the first two numbers in the ESR release triplet and you should get the same value as the first number in the regular release.
0, i.e. 99.0.). Fortunately, as in the April 2022 Google Android update we just wrote about that happened to arrive on the same day, there were no critical security fixes and no zero-day holes patched.
In particular, although Mozilla admits that some of the memory management bugs that were fixed in Firefox 99.0 might be exploitable "With enough effort", no working exploits are yet known.
Click the Menu button at the top right of your Firefox window, then click Help, and select About Firefox.
CVE-2022-28283: Missing security checks for fetching sourceMapURL. The SourceMap tool in Firefox isn't intended for everyday use - it's a feature that's useful for developers wanting to dig into the JavaScript source code of a web page to see why it's misbehaving.
News URL
https://nakedsecurity.sophos.com/2022/04/05/firefox-99-is-out-no-major-bugs-but-update-anyway/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-28283 | Unspecified vulnerability in Mozilla Firefox The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. | 6.5 |