“Attackers could attack Firefox, Firefox ESR, and Thunderbird in certain situations and execute malicious code in the worst case scenario. If this works, they are likely to completely compromise systems.
The two web browsers may experience problems with parsing (CVE-2022-40 960 “high”) of non-UTF8 URLs. In an unspecified attack scenario, malicious code could reach systems (CVE-2022-40 962 “high”).
Developers have fixed the vulnerabilities in Firefox 105, Firefox ESR 102.3, and Thunderbird 91.13.1 and Thunderbird 102.2.1.”
in both products updates go like this:
- help -> About Firefox/Thunderbird -> update