Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-26386 | Unspecified vulnerability in Mozilla Firefox ESR Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. | 6.5 |
| 2022-12-22 | CVE-2022-26387 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. | 7.5 |
| 2022-12-22 | CVE-2022-26485 | Use After Free vulnerability in Mozilla products Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. | 8.8 |
| 2022-12-22 | CVE-2022-26486 | Use After Free vulnerability in Mozilla products An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. | 9.6 |
| 2022-12-22 | CVE-2022-28281 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-28282 | Use After Free vulnerability in Mozilla Firefox ESR By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-28283 | Unspecified vulnerability in Mozilla Firefox The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. | 6.5 |
| 2022-12-22 | CVE-2022-28284 | Unspecified vulnerability in Mozilla Firefox SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. | 8.8 |
| 2022-12-22 | CVE-2022-28285 | Out-of-bounds Read vulnerability in Mozilla Firefox ESR When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. | 6.5 |
| 2022-12-22 | CVE-2022-28286 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR Due to a layout change, iframe contents could have been rendered outside of its border. | 5.4 |