Vulnerabilities > Mozilla > Firefox ESR > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-26485 | Use After Free vulnerability in Mozilla products Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. | 8.8 |
2022-12-22 | CVE-2022-28281 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. | 8.8 |
2022-12-22 | CVE-2022-28289 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. | 8.8 |
2022-12-22 | CVE-2022-29909 | Incorrect Default Permissions vulnerability in Mozilla Thunderbird Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. | 8.8 |
2022-12-22 | CVE-2022-2200 | Unspecified vulnerability in Mozilla Firefox If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. | 8.8 |
2022-12-22 | CVE-2022-2505 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. | 8.8 |
2022-12-22 | CVE-2022-31739 | Unspecified vulnerability in Mozilla Firefox When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. | 8.8 |
2022-12-22 | CVE-2022-31740 | Unspecified vulnerability in Mozilla Firefox ESR On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. | 8.8 |
2022-12-22 | CVE-2022-31741 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. | 8.8 |
2022-12-22 | CVE-2022-34468 | Unspecified vulnerability in Mozilla Firefox An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. | 8.8 |