Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-38474 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox A website that had permission to access the microphone could record audio without the audio notification being shown. | 4.3 |
| 2022-12-22 | CVE-2022-38475 | Incorrect Authorization vulnerability in Mozilla Firefox An attacker could have written a value to the first element in a zero-length JavaScript array. | 6.5 |
| 2022-12-22 | CVE-2022-38477 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. | 8.8 |
| 2022-12-22 | CVE-2022-38478 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. | 8.8 |
| 2022-12-22 | CVE-2022-3266 | Out-of-bounds Read vulnerability in Mozilla Thunderbird An out-of-bounds read can occur when decoding H264 video. | 5.5 |
| 2022-12-22 | CVE-2022-40956 | Cross-site Scripting vulnerability in Mozilla Thunderbird When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. | 6.1 |
| 2022-12-22 | CVE-2022-40957 | Unspecified vulnerability in Mozilla Thunderbird Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. | 6.5 |
| 2022-12-22 | CVE-2022-40958 | Injection vulnerability in Mozilla Thunderbird By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. | 6.5 |
| 2022-12-22 | CVE-2022-40959 | Insecure Storage of Sensitive Information vulnerability in Mozilla Thunderbird During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. | 6.5 |
| 2022-12-22 | CVE-2022-40960 | Use After Free vulnerability in Mozilla Thunderbird Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. | 6.5 |