Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-0511 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. | 8.8 |
| 2022-12-22 | CVE-2022-0517 | Unrestricted Upload of File with Dangerous Type vulnerability in Mozilla VPN Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. | 7.8 |
| 2022-12-22 | CVE-2022-0566 | Out-of-bounds Write vulnerability in Mozilla Thunderbird It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. | 8.8 |
| 2022-12-22 | CVE-2022-0843 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. | 8.8 |
| 2022-12-22 | CVE-2022-1097 | Use After Free vulnerability in Mozilla Firefox ESR <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-1196 | Use After Free vulnerability in Mozilla Firefox ESR After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-1197 | Improper Certificate Validation vulnerability in Mozilla Thunderbird When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. | 5.4 |
| 2022-12-22 | CVE-2022-1520 | Unspecified vulnerability in Mozilla Thunderbird When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. | 4.3 |
| 2022-12-22 | CVE-2022-1529 | Unspecified vulnerability in Mozilla Thunderbird An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. | 8.8 |
| 2022-12-22 | CVE-2022-1802 | Unspecified vulnerability in Mozilla Thunderbird If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. | 8.8 |