Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-22763 Unspecified vulnerability in Mozilla Firefox
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-22764 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-26381 Use After Free vulnerability in Mozilla Firefox
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-26382 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts.
network
low complexity
mozilla CWE-203
4.3
2022-12-22 CVE-2022-26383 Unspecified vulnerability in Mozilla Firefox
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-26384 Unspecified vulnerability in Mozilla Firefox
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.
network
low complexity
mozilla
critical
9.6
2022-12-22 CVE-2022-26385 Use After Free vulnerability in Mozilla Firefox
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-26387 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed.
network
high complexity
mozilla CWE-367
7.5
2022-12-22 CVE-2022-26485 Use After Free vulnerability in Mozilla products
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-26486 Use After Free vulnerability in Mozilla products
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape.
network
low complexity
mozilla CWE-416
critical
9.6