Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-22760 | Information Exposure Through an Error Message vulnerability in Mozilla Firefox When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. | 6.5 |
| 2022-12-22 | CVE-2022-22761 | Unspecified vulnerability in Mozilla Firefox Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. | 8.8 |
| 2022-12-22 | CVE-2022-22762 | Unspecified vulnerability in Mozilla Firefox Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. | 4.3 |
| 2022-12-22 | CVE-2022-22763 | Unspecified vulnerability in Mozilla Firefox When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. | 8.8 |
| 2022-12-22 | CVE-2022-22764 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. | 8.8 |
| 2022-12-22 | CVE-2022-26381 | Use After Free vulnerability in Mozilla Firefox An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-26382 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. | 4.3 |
| 2022-12-22 | CVE-2022-26383 | Unspecified vulnerability in Mozilla Firefox When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. | 4.3 |
| 2022-12-22 | CVE-2022-26384 | Unspecified vulnerability in Mozilla Firefox If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. | 9.6 |
| 2022-12-22 | CVE-2022-26385 | Use After Free vulnerability in Mozilla Firefox In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. | 6.5 |