Vulnerabilities > Mozilla > Firefox > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-26385 Use After Free vulnerability in Mozilla Firefox
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-28282 Use After Free vulnerability in Mozilla Firefox ESR
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-28283 Unspecified vulnerability in Mozilla Firefox
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-28285 Out-of-bounds Read vulnerability in Mozilla Firefox ESR
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used.
network
low complexity
mozilla CWE-125
6.5
2022-12-22 CVE-2022-28286 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR
Due to a layout change, iframe contents could have been rendered outside of its border.
network
low complexity
mozilla CWE-1021
5.4
2022-12-22 CVE-2022-28287 Unspecified vulnerability in Mozilla Firefox
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-29910 Open Redirect vulnerability in Mozilla Firefox
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android.
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2022-29911 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present.
network
low complexity
mozilla CWE-1021
6.1
2022-12-22 CVE-2022-29912 Open Redirect vulnerability in Mozilla Thunderbird
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2022-29914 Unspecified vulnerability in Mozilla Thunderbird
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.
network
low complexity
mozilla
6.5