Vulnerabilities > Mozilla > Firefox > 91.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-36318 | Race Condition vulnerability in Mozilla Thunderbird When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. | 5.3 |
| 2022-12-22 | CVE-2022-36319 | Unspecified vulnerability in Mozilla Thunderbird When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. | 7.5 |
| 2022-12-22 | CVE-2022-36320 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. | 9.8 |
| 2022-12-22 | CVE-2022-38472 | Origin Validation Error vulnerability in Mozilla Thunderbird An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. | 6.5 |
| 2022-12-22 | CVE-2022-38473 | Improper Preservation of Permissions vulnerability in Mozilla Thunderbird A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). | 8.8 |
| 2022-12-22 | CVE-2022-38475 | Incorrect Authorization vulnerability in Mozilla Firefox An attacker could have written a value to the first element in a zero-length JavaScript array. | 6.5 |
| 2022-12-22 | CVE-2022-38477 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. | 8.8 |
| 2022-12-22 | CVE-2022-38478 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. | 8.8 |
| 2022-12-22 | CVE-2022-3266 | Out-of-bounds Read vulnerability in Mozilla Thunderbird An out-of-bounds read can occur when decoding H264 video. | 5.5 |
| 2022-12-22 | CVE-2022-40956 | Cross-site Scripting vulnerability in Mozilla Thunderbird When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. | 6.1 |