Vulnerabilities > Mozilla > Firefox > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-28289 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. | 8.8 |
2022-12-22 | CVE-2022-29909 | Incorrect Default Permissions vulnerability in Mozilla Thunderbird Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. | 8.8 |
2022-12-22 | CVE-2022-29918 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. | 8.8 |
2022-12-22 | CVE-2022-2200 | Unspecified vulnerability in Mozilla Firefox If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. | 8.8 |
2022-12-22 | CVE-2022-2505 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. | 8.8 |
2022-12-22 | CVE-2022-31739 | Unspecified vulnerability in Mozilla Firefox When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. | 8.8 |
2022-12-22 | CVE-2022-31740 | Unspecified vulnerability in Mozilla Firefox ESR On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. | 8.8 |
2022-12-22 | CVE-2022-31741 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. | 8.8 |
2022-12-22 | CVE-2022-34468 | Unspecified vulnerability in Mozilla Firefox An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. | 8.8 |
2022-12-22 | CVE-2022-34469 | Improper Certificate Validation vulnerability in Mozilla Firefox When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. | 8.1 |