Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-22737 Race Condition vulnerability in Mozilla Firefox
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows.
network
high complexity
mozilla CWE-362
7.5
2022-12-22 CVE-2022-22738 Out-of-bounds Write vulnerability in Mozilla Firefox
Applying a CSS filter effect could have accessed out of bounds memory.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-22740 Use After Free vulnerability in Mozilla Firefox
Certain network request objects were freed too early when releasing a network request handle.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-22741 Unspecified vulnerability in Mozilla Firefox
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode.
network
low complexity
mozilla
7.5
2022-12-22 CVE-2022-22744 Improper Encoding or Escaping of Output vulnerability in Mozilla Firefox
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell.
network
low complexity
mozilla CWE-116
8.8
2022-12-22 CVE-2022-22751 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-22752 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-22753 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory.
network
high complexity
mozilla CWE-367
7.1
2022-12-22 CVE-2022-22755 Operation on a Resource after Expiration or Release vulnerability in Mozilla Firefox
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed.
network
low complexity
mozilla CWE-672
8.8
2022-12-22 CVE-2022-22756 Unspecified vulnerability in Mozilla Firefox
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.
network
low complexity
mozilla
8.8