Vulnerabilities > Mozilla > Firefox ESR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-22745 | Unspecified vulnerability in Mozilla Firefox Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. | 6.5 |
| 2022-12-22 | CVE-2022-22746 | Race Condition vulnerability in Mozilla Firefox A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. | 5.9 |
| 2022-12-22 | CVE-2022-22747 | Improper Certificate Validation vulnerability in Mozilla Firefox After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. | 6.5 |
| 2022-12-22 | CVE-2022-22748 | Unspecified vulnerability in Mozilla Firefox Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. | 6.5 |
| 2022-12-22 | CVE-2022-22754 | Incorrect Authorization vulnerability in Mozilla Firefox If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. | 6.5 |
| 2022-12-22 | CVE-2022-22760 | Information Exposure Through an Error Message vulnerability in Mozilla Firefox When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. | 6.5 |
| 2022-12-22 | CVE-2022-26383 | Unspecified vulnerability in Mozilla Firefox When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. | 4.3 |
| 2022-12-22 | CVE-2022-26386 | Unspecified vulnerability in Mozilla Firefox ESR Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. | 6.5 |
| 2022-12-22 | CVE-2022-28282 | Use After Free vulnerability in Mozilla Firefox ESR By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-28285 | Out-of-bounds Read vulnerability in Mozilla Firefox ESR When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. | 6.5 |