Vulnerabilities > Mozilla > Firefox > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-34485 Out-of-bounds Write vulnerability in Mozilla Firefox 101.0/101.0.1
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2022-12-22 CVE-2022-34476 Unspecified vulnerability in Mozilla Firefox
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1.
network
low complexity
mozilla
critical
 9.8
9.8
2022-12-22 CVE-2022-34470 Use After Free vulnerability in Mozilla Firefox
Session history navigations may have led to a use-after-free and potentially exploitable crash.
network
low complexity
mozilla CWE-416
critical
 9.8
9.8
2022-12-22 CVE-2022-31748 Unspecified vulnerability in Mozilla Firefox
Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100.
network
low complexity
mozilla
critical
 9.8
9.8
2022-12-22 CVE-2022-31747 Use After Free vulnerability in Mozilla Firefox
Mozilla developers Andrew McCreight, Nicolas B.
network
low complexity
mozilla CWE-416
critical
 9.8
9.8
2022-12-22 CVE-2022-31737 Out-of-bounds Write vulnerability in Mozilla Firefox
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2022-12-22 CVE-2022-31736 Unspecified vulnerability in Mozilla Firefox
A malicious website could have learned the size of a cross-origin resource that supported Range requests.
network
low complexity
mozilla
critical
 9.8
9.8
2022-12-22 CVE-2022-29917 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2022-12-22 CVE-2022-26486 Use After Free vulnerability in Mozilla products
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape.
network
low complexity
mozilla CWE-416
critical
 9.6
9.6
2022-12-22 CVE-2022-26384 Unspecified vulnerability in Mozilla Firefox
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.
network
low complexity
mozilla
critical
 9.6
9.6