Vulnerabilities > Mozilla > Firefox > 97.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-42928 | NULL Pointer Dereference vulnerability in Mozilla Firefox Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-42929 | Unspecified vulnerability in Mozilla Firefox If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. | 6.5 |
| 2022-12-22 | CVE-2022-42930 | Race Condition vulnerability in Mozilla Firefox If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. | 7.1 |
| 2022-12-22 | CVE-2022-42931 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Firefox Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. | 3.3 |
| 2022-12-22 | CVE-2022-42932 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. | 8.8 |
| 2022-12-22 | CVE-2022-45406 | Use After Free vulnerability in Mozilla Firefox If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. | 9.8 |
| 2022-12-22 | CVE-2022-45421 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. | 8.8 |
| 2022-12-22 | CVE-2022-46871 | An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. | 8.8 |
| 2022-12-22 | CVE-2022-46872 | Unspecified vulnerability in Mozilla Firefox An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. | 8.6 |
| 2022-12-22 | CVE-2022-46873 | Injection vulnerability in Mozilla Firefox Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. | 8.8 |