Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-28289 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-29909 Incorrect Default Permissions vulnerability in Mozilla Thunderbird
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.
network
low complexity
mozilla CWE-276
8.8
2022-12-22 CVE-2022-29918 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-2200 Unspecified vulnerability in Mozilla Firefox
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-2505 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-31739 Unspecified vulnerability in Mozilla Firefox
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-31740 Unspecified vulnerability in Mozilla Firefox ESR
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-31741 Use of Uninitialized Resource vulnerability in Mozilla Firefox
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.
network
low complexity
mozilla CWE-908
8.8
2022-12-22 CVE-2022-34468 Unspecified vulnerability in Mozilla Firefox
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-34469 Improper Certificate Validation vulnerability in Mozilla Firefox
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error.
network
low complexity
mozilla CWE-295
8.1