Vulnerabilities > Mozilla > Firefox > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-34473 | Cross-site Scripting vulnerability in Mozilla Firefox The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. | 6.1 |
2022-12-22 | CVE-2022-34474 | Open Redirect vulnerability in Mozilla Firefox Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. | 6.1 |
2022-12-22 | CVE-2022-34475 | Cross-site Scripting vulnerability in Mozilla Firefox SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. | 6.1 |
2022-12-22 | CVE-2022-34478 | Unspecified vulnerability in Mozilla Firefox The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. | 6.5 |
2022-12-22 | CVE-2022-34479 | Unspecified vulnerability in Mozilla Firefox A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. | 6.5 |
2022-12-22 | CVE-2022-36314 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. | 5.5 |
2022-12-22 | CVE-2022-36315 | Unspecified vulnerability in Mozilla Firefox When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. | 4.3 |
2022-12-22 | CVE-2022-36316 | Open Redirect vulnerability in Mozilla Firefox When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. | 6.1 |
2022-12-22 | CVE-2022-36317 | Unspecified vulnerability in Mozilla Firefox When visiting a website with an overly long URL, the user interface would start to hang. | 6.5 |
2022-12-22 | CVE-2022-36318 | Race Condition vulnerability in Mozilla Thunderbird When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. | 5.3 |