Vulnerabilities > Mozilla > Firefox > 97.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-26387 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. | 7.5 |
| 2022-12-22 | CVE-2022-28281 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-28282 | Use After Free vulnerability in Mozilla Firefox ESR By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-28283 | Unspecified vulnerability in Mozilla Firefox The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. | 6.5 |
| 2022-12-22 | CVE-2022-28284 | Unspecified vulnerability in Mozilla Firefox SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. | 8.8 |
| 2022-12-22 | CVE-2022-28285 | Out-of-bounds Read vulnerability in Mozilla Firefox ESR When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. | 6.5 |
| 2022-12-22 | CVE-2022-28286 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR Due to a layout change, iframe contents could have been rendered outside of its border. | 5.4 |
| 2022-12-22 | CVE-2022-28287 | Unspecified vulnerability in Mozilla Firefox In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. | 6.5 |
| 2022-12-22 | CVE-2022-28288 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. | 8.8 |
| 2022-12-22 | CVE-2022-28289 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. | 8.8 |