Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-34469 | Improper Certificate Validation vulnerability in Mozilla Firefox When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. | 8.1 |
| 2022-12-22 | CVE-2022-34470 | Use After Free vulnerability in Mozilla Firefox Session history navigations may have led to a use-after-free and potentially exploitable crash. | 9.8 |
| 2022-12-22 | CVE-2022-34471 | Unspecified vulnerability in Mozilla Firefox When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. | 6.5 |
| 2022-12-22 | CVE-2022-34472 | Unspecified vulnerability in Mozilla Firefox If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. | 4.3 |
| 2022-12-22 | CVE-2022-34473 | Cross-site Scripting vulnerability in Mozilla Firefox The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. | 6.1 |
| 2022-12-22 | CVE-2022-34474 | Open Redirect vulnerability in Mozilla Firefox Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. | 6.1 |
| 2022-12-22 | CVE-2022-34475 | Cross-site Scripting vulnerability in Mozilla Firefox SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. | 6.1 |
| 2022-12-22 | CVE-2022-34476 | Unspecified vulnerability in Mozilla Firefox ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. | 9.8 |
| 2022-12-22 | CVE-2022-34477 | Unspecified vulnerability in Mozilla Firefox The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. | 7.5 |
| 2022-12-22 | CVE-2022-34478 | Unspecified vulnerability in Mozilla Firefox The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. | 6.5 |