Vulnerabilities > Mozilla > Firefox > 94.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-31744 | Cross-site Scripting vulnerability in Mozilla Firefox ESR An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. | 6.5 |
| 2022-12-22 | CVE-2022-31745 | Improper Validation of Array Index vulnerability in Mozilla Firefox If array shift operations are not used, the Garbage Collector may have become confused about valid objects. | 4.3 |
| 2022-12-22 | CVE-2022-31747 | Use After Free vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight, Nicolas B. | 9.8 |
| 2022-12-22 | CVE-2022-31748 | Unspecified vulnerability in Mozilla Firefox Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. | 9.8 |
| 2022-12-22 | CVE-2022-34468 | Unspecified vulnerability in Mozilla Firefox An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. | 8.8 |
| 2022-12-22 | CVE-2022-34469 | Improper Certificate Validation vulnerability in Mozilla Firefox When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. | 8.1 |
| 2022-12-22 | CVE-2022-34470 | Use After Free vulnerability in Mozilla Firefox Session history navigations may have led to a use-after-free and potentially exploitable crash. | 9.8 |
| 2022-12-22 | CVE-2022-34471 | Unspecified vulnerability in Mozilla Firefox When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. | 6.5 |
| 2022-12-22 | CVE-2022-34472 | Unspecified vulnerability in Mozilla Firefox If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. | 4.3 |
| 2022-12-22 | CVE-2022-34473 | Cross-site Scripting vulnerability in Mozilla Firefox The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. | 6.1 |