Vulnerabilities > Mozilla > Firefox > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-22747 Improper Certificate Validation vulnerability in Mozilla Firefox
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash.
network
low complexity
mozilla CWE-295
6.5
2022-12-22 CVE-2022-22748 Unspecified vulnerability in Mozilla Firefox
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-22749 Unspecified vulnerability in Mozilla Firefox
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-22750 Unspecified vulnerability in Mozilla Firefox
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.<br>*This bug only affects Firefox for Windows and MacOS.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-22754 Incorrect Authorization vulnerability in Mozilla Firefox
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.
network
low complexity
mozilla CWE-863
6.5
2022-12-22 CVE-2022-22757 Origin Validation Error vulnerability in Mozilla Firefox
Remote Agent, used in WebDriver, did not validate the Host or Origin headers.
network
low complexity
mozilla CWE-346
6.5
2022-12-22 CVE-2022-22760 Information Exposure Through an Error Message vulnerability in Mozilla Firefox
When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses.
network
low complexity
mozilla CWE-209
6.5
2022-12-22 CVE-2022-22762 Unspecified vulnerability in Mozilla Firefox
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-26382 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts.
network
low complexity
mozilla CWE-203
4.3
2022-12-22 CVE-2022-26383 Unspecified vulnerability in Mozilla Firefox
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
network
low complexity
mozilla
4.3