Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2021-4128 Use After Free vulnerability in Mozilla Firefox
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2021-4129 Unspecified vulnerability in Mozilla Firefox ESR
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94.
network
low complexity
mozilla
critical
9.8
2022-12-22 CVE-2021-4221 Unspecified vulnerability in Mozilla Firefox
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-0511 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-0843 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-22753 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory.
network
high complexity
mozilla CWE-367
7.1
2022-12-22 CVE-2022-22754 Incorrect Authorization vulnerability in Mozilla Firefox
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.
network
low complexity
mozilla CWE-863
6.5
2022-12-22 CVE-2022-22755 Operation on a Resource after Expiration or Release vulnerability in Mozilla Firefox
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed.
network
low complexity
mozilla CWE-672
8.8
2022-12-22 CVE-2022-22756 Unspecified vulnerability in Mozilla Firefox
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-22757 Improper Input Validation vulnerability in Mozilla Firefox
Remote Agent, used in WebDriver, did not validate the Host or Origin headers.
network
low complexity
mozilla CWE-20
6.5