Mozilla released updates for its Firefox and Firefox ESR web browsers on May 20, 2022. The Thunderbird development team also released a patch for the email client. The security updates address two critical security issues in the Firefox and Thunderbird web browser.
Here is the list of products with updates:
- Firefox 100.0.2
- Firefox ESR 91.9.1
- Firefox for Android 100.3
- Thunderbird 91.9.1
Updates are already available and most user installs will update automatically. Desktop users who don’t want to wait for this to happen can run a manual check for updates to speed up installation.
- firefox: Select Menu > Help > About Firefox. Firefox runs a manual check for updates. Any update found will be downloaded and installed.
- thunderbird: Select Help > About Thunderbird. Thunderbird will also check for updates and install any it finds.
Note: Firefox for Android is updated through Google Play. There is no option to speed up the delivery of updates on Android through Google Play.
the official release notes list a single entry, which confirms the secure nature of the update. Mozilla released a security consulting for all affected versions of the web browser which provide additional details about the issues:
There, users discover that two security issues have been fixed in the update. Both issues have the critical severity level, the highest level available. They were reported to Mozilla by Manfred Paul via Trend Micro’s Zero Day initiative.
CVE-2022-1802: Prototype pollution in Top-Level Await implementation
Related bug reports are restricted. Mozilla makes no mention of attacks in the wild that target these vulnerabilities.
Firefox and Thunderbird users may want to update their apps quickly to protect against attacks targeting these issues.
Now you: When do you update your apps?