Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-31746 | Information Exposure vulnerability in Mozilla Firefox Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. | 6.5 |
| 2022-12-22 | CVE-2022-31747 | Use After Free vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight, Nicolas B. | 9.8 |
| 2022-12-22 | CVE-2022-31748 | Unspecified vulnerability in Mozilla Firefox Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. | 9.8 |
| 2022-12-22 | CVE-2022-34468 | Unspecified vulnerability in Mozilla Firefox An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. | 8.8 |
| 2022-12-22 | CVE-2022-34469 | Improper Certificate Validation vulnerability in Mozilla Firefox When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. | 8.1 |
| 2022-12-22 | CVE-2022-34470 | Use After Free vulnerability in Mozilla Firefox Session history navigations may have led to a use-after-free and potentially exploitable crash. | 9.8 |
| 2022-12-22 | CVE-2022-34471 | Unspecified vulnerability in Mozilla Firefox When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. | 6.5 |
| 2022-12-22 | CVE-2022-34472 | Unspecified vulnerability in Mozilla Firefox If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. | 4.3 |
| 2022-12-22 | CVE-2022-34473 | Cross-site Scripting vulnerability in Mozilla Firefox The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. | 6.1 |
| 2022-12-22 | CVE-2022-34474 | Open Redirect vulnerability in Mozilla Firefox Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. | 6.1 |