Vulnerabilities > Mozilla > Firefox ESR > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-26485 Use After Free vulnerability in Mozilla products
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-28281 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-28289 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-29909 Incorrect Default Permissions vulnerability in Mozilla Thunderbird
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.
network
low complexity
mozilla CWE-276
8.8
2022-12-22 CVE-2022-2200 Unspecified vulnerability in Mozilla Firefox
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-2505 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-31739 Unspecified vulnerability in Mozilla Firefox
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-31740 Unspecified vulnerability in Mozilla Firefox ESR
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-31741 Use of Uninitialized Resource vulnerability in Mozilla Firefox
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.
network
low complexity
mozilla CWE-908
8.8
2022-12-22 CVE-2022-34468 Unspecified vulnerability in Mozilla Firefox
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link.
network
low complexity
mozilla
8.8