Vulnerabilities > Mozilla > Firefox ESR > 91.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-38473 | Improper Preservation of Permissions vulnerability in Mozilla Thunderbird A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). | 8.8 |
2022-12-22 | CVE-2022-38478 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. | 8.8 |
2022-12-22 | CVE-2022-40962 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. | 8.8 |
2022-12-22 | CVE-2022-42927 | Origin Validation Error vulnerability in Mozilla Firefox A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. | 8.1 |
2022-12-22 | CVE-2022-42928 | NULL Pointer Dereference vulnerability in Mozilla Firefox Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. | 8.8 |
2022-12-22 | CVE-2022-42929 | Unspecified vulnerability in Mozilla Firefox If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. | 6.5 |
2022-12-22 | CVE-2022-42932 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. | 8.8 |
2022-12-22 | CVE-2022-45406 | Use After Free vulnerability in Mozilla Firefox If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. | 9.8 |
2022-12-22 | CVE-2022-45421 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. | 8.8 |
2022-12-22 | CVE-2022-46872 | Unspecified vulnerability in Mozilla Firefox An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. | 8.6 |