Vulnerabilities > Mozilla > Firefox > 27.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-34477 | Unspecified vulnerability in Mozilla Firefox The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. | 7.5 |
| 2022-12-22 | CVE-2022-34478 | Unspecified vulnerability in Mozilla Firefox The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. | 6.5 |
| 2022-12-22 | CVE-2022-34479 | Unspecified vulnerability in Mozilla Firefox A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. | 6.5 |
| 2022-12-22 | CVE-2022-34480 | Access of Uninitialized Pointer vulnerability in Mozilla Firefox Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. | 8.8 |
| 2022-12-22 | CVE-2022-34481 | Integer Overflow or Wraparound vulnerability in Mozilla Firefox In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. | 8.8 |
| 2022-12-22 | CVE-2022-34482 | Unspecified vulnerability in Mozilla Firefox An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. | 8.8 |
| 2022-12-22 | CVE-2022-34483 | Unspecified vulnerability in Mozilla Firefox An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. | 8.8 |
| 2022-12-22 | CVE-2022-34484 | Use After Free vulnerability in Mozilla Firefox The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. | 8.8 |
| 2022-12-22 | CVE-2022-36314 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. | 5.5 |
| 2022-12-22 | CVE-2022-36315 | Unspecified vulnerability in Mozilla Firefox When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. | 4.3 |