Vulnerabilities > Mozilla > Firefox ESR > 91.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-31740 | Unspecified vulnerability in Mozilla Firefox ESR On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-31741 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. | 8.8 |
| 2022-12-22 | CVE-2022-31742 | Unspecified vulnerability in Mozilla Firefox An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. | 6.5 |
| 2022-12-22 | CVE-2022-31744 | Cross-site Scripting vulnerability in Mozilla Firefox ESR An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. | 6.5 |
| 2022-12-22 | CVE-2022-31747 | Use After Free vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight, Nicolas B. | 9.8 |
| 2022-12-22 | CVE-2022-34468 | Unspecified vulnerability in Mozilla Firefox An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. | 8.8 |
| 2022-12-22 | CVE-2022-34470 | Use After Free vulnerability in Mozilla Firefox Session history navigations may have led to a use-after-free and potentially exploitable crash. | 9.8 |
| 2022-12-22 | CVE-2022-34472 | Unspecified vulnerability in Mozilla Firefox If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. | 4.3 |
| 2022-12-22 | CVE-2022-34478 | Unspecified vulnerability in Mozilla Firefox The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. | 6.5 |
| 2022-12-22 | CVE-2022-34479 | Unspecified vulnerability in Mozilla Firefox A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. | 6.5 |