Vulnerabilities > Mozilla > Firefox > 97.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-32215 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. | 8.8 |
| 2022-12-22 | CVE-2022-1097 | Use After Free vulnerability in Mozilla Firefox ESR <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-1529 | Unspecified vulnerability in Mozilla Thunderbird An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. | 8.8 |
| 2022-12-22 | CVE-2022-1802 | Unspecified vulnerability in Mozilla Thunderbird If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. | 8.8 |
| 2022-12-22 | CVE-2022-1887 | SQL Injection vulnerability in Mozilla Firefox The search term could have been specified externally to trigger SQL injection. | 9.8 |
| 2022-12-22 | CVE-2022-26381 | Use After Free vulnerability in Mozilla Firefox An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-26382 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. | 4.3 |
| 2022-12-22 | CVE-2022-26383 | Unspecified vulnerability in Mozilla Firefox When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. | 4.3 |
| 2022-12-22 | CVE-2022-26384 | Unspecified vulnerability in Mozilla Firefox If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. | 9.6 |
| 2022-12-22 | CVE-2022-26385 | Use After Free vulnerability in Mozilla Firefox In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. | 6.5 |