Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-36315 | Unspecified vulnerability in Mozilla Firefox When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. | 4.3 |
| 2022-12-22 | CVE-2022-36316 | Open Redirect vulnerability in Mozilla Firefox When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. | 6.1 |
| 2022-12-22 | CVE-2022-36317 | Unspecified vulnerability in Mozilla Firefox When visiting a website with an overly long URL, the user interface would start to hang. | 6.5 |
| 2022-12-22 | CVE-2022-36318 | Race Condition vulnerability in Mozilla Thunderbird When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. | 5.3 |
| 2022-12-22 | CVE-2022-38472 | Origin Validation Error vulnerability in Mozilla Thunderbird An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. | 6.5 |
| 2022-12-22 | CVE-2022-38474 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox A website that had permission to access the microphone could record audio without the audio notification being shown. | 4.3 |
| 2022-12-22 | CVE-2022-38475 | Incorrect Authorization vulnerability in Mozilla Firefox An attacker could have written a value to the first element in a zero-length JavaScript array. | 6.5 |
| 2022-12-22 | CVE-2022-3266 | Out-of-bounds Read vulnerability in Mozilla Thunderbird An out-of-bounds read can occur when decoding H264 video. | 5.5 |
| 2022-12-22 | CVE-2022-40956 | Cross-site Scripting vulnerability in Mozilla Thunderbird When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. | 6.1 |
| 2022-12-22 | CVE-2022-40957 | Unspecified vulnerability in Mozilla Thunderbird Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. | 6.5 |