Vulnerabilities > Mozilla > Firefox > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-34468 | Unspecified vulnerability in Mozilla Firefox An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. | 8.8 |
| 2022-12-22 | CVE-2022-34469 | Improper Certificate Validation vulnerability in Mozilla Firefox When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. | 8.1 |
| 2022-12-22 | CVE-2022-34477 | Unspecified vulnerability in Mozilla Firefox The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. | 7.5 |
| 2022-12-22 | CVE-2022-34480 | Access of Uninitialized Pointer vulnerability in Mozilla Firefox Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. | 8.8 |
| 2022-12-22 | CVE-2022-34481 | Integer Overflow or Wraparound vulnerability in Mozilla Firefox In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. | 8.8 |
| 2022-12-22 | CVE-2022-34482 | Unspecified vulnerability in Mozilla Firefox An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. | 8.8 |
| 2022-12-22 | CVE-2022-34483 | Unspecified vulnerability in Mozilla Firefox An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. | 8.8 |
| 2022-12-22 | CVE-2022-34484 | Use After Free vulnerability in Mozilla Firefox The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. | 8.8 |
| 2022-12-22 | CVE-2022-36319 | Unspecified vulnerability in Mozilla Thunderbird When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. | 7.5 |
| 2022-12-22 | CVE-2022-38473 | Improper Preservation of Permissions vulnerability in Mozilla Thunderbird A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). | 8.8 |