Vulnerabilities > Mozilla > Firefox > 98.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-32215 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. | 8.8 |
| 2022-12-22 | CVE-2022-1097 | Use After Free vulnerability in Mozilla Firefox ESR <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-1529 | Unspecified vulnerability in Mozilla Thunderbird An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. | 8.8 |
| 2022-12-22 | CVE-2022-1802 | Unspecified vulnerability in Mozilla Thunderbird If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. | 8.8 |
| 2022-12-22 | CVE-2022-1887 | SQL Injection vulnerability in Mozilla Firefox The search term could have been specified externally to trigger SQL injection. | 9.8 |
| 2022-12-22 | CVE-2022-28281 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-28282 | Use After Free vulnerability in Mozilla Firefox ESR By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-28283 | Unspecified vulnerability in Mozilla Firefox The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. | 6.5 |
| 2022-12-22 | CVE-2022-28284 | Unspecified vulnerability in Mozilla Firefox SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. | 8.8 |
| 2022-12-22 | CVE-2022-28285 | Out-of-bounds Read vulnerability in Mozilla Firefox ESR When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. | 6.5 |