Vulnerabilities > Mozilla > Firefox > 104.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-42928 | NULL Pointer Dereference vulnerability in Mozilla Firefox Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-42929 | Unspecified vulnerability in Mozilla Firefox If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. | 6.5 |
| 2022-12-22 | CVE-2022-42930 | Race Condition vulnerability in Mozilla Firefox If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. | 7.1 |
| 2022-12-22 | CVE-2022-42931 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Firefox Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. | 3.3 |
| 2022-12-22 | CVE-2022-42932 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. | 8.8 |
| 2022-12-22 | CVE-2022-45403 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. | 6.5 |
| 2022-12-22 | CVE-2022-45404 | Unspecified vulnerability in Mozilla Firefox Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. | 6.5 |
| 2022-12-22 | CVE-2022-45405 | Use After Free vulnerability in Mozilla Firefox Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-45406 | Use After Free vulnerability in Mozilla Firefox If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. | 9.8 |
| 2022-12-22 | CVE-2022-45407 | Use After Free vulnerability in Mozilla Firefox If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. | 7.5 |