Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-34477 Unspecified vulnerability in Mozilla Firefox
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks.
network
low complexity
mozilla
7.5
2022-12-22 CVE-2022-34480 Access of Uninitialized Pointer vulnerability in Mozilla Firefox
Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated.
network
low complexity
mozilla CWE-824
8.8
2022-12-22 CVE-2022-34481 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container.
network
low complexity
mozilla CWE-190
8.8
2022-12-22 CVE-2022-34482 Unspecified vulnerability in Mozilla Firefox
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-34483 Unspecified vulnerability in Mozilla Firefox
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-34484 Use After Free vulnerability in Mozilla Firefox
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-36319 Unspecified vulnerability in Mozilla Thunderbird
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.
network
low complexity
mozilla
7.5
2022-12-22 CVE-2022-38473 Improper Preservation of Permissions vulnerability in Mozilla Thunderbird
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).
network
low complexity
mozilla CWE-281
8.8
2022-12-22 CVE-2022-38477 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-38478 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12.
network
low complexity
mozilla CWE-787
8.8