Vulnerabilities > Mozilla > Firefox ESR > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-42932 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. | 8.8 |
2022-12-22 | CVE-2022-45409 | Use After Free vulnerability in Mozilla Firefox The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. | 8.8 |
2022-12-22 | CVE-2022-45412 | Link Following vulnerability in Mozilla Firefox When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. | 8.8 |
2022-12-22 | CVE-2022-45421 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. | 8.8 |
2022-12-22 | CVE-2022-46872 | Unspecified vulnerability in Mozilla Firefox An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. | 8.6 |
2022-12-22 | CVE-2022-46874 | Unspecified vulnerability in Mozilla Firefox A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. | 8.8 |
2022-12-22 | CVE-2022-46878 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. | 8.8 |
2022-12-22 | CVE-2022-46881 | Out-of-bounds Write vulnerability in Mozilla Firefox An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. | 8.8 |
2021-12-08 | CVE-2021-38504 | Use After Free vulnerability in multiple products When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. | 8.8 |
2021-12-08 | CVE-2021-38510 | Unspecified vulnerability in Mozilla Firefox The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. | 8.8 |