Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-22758 Cleartext Transmission of Sensitive Information vulnerability in Mozilla Firefox
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number.
network
low complexity
mozilla CWE-319
8.8
2022-12-22 CVE-2022-22761 Unspecified vulnerability in Mozilla Firefox
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-22763 Unspecified vulnerability in Mozilla Firefox
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-22764 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-26381 Use After Free vulnerability in Mozilla Firefox
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-26387 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed.
network
high complexity
mozilla CWE-367
7.5
2022-12-22 CVE-2022-26485 Use After Free vulnerability in Mozilla products
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-28281 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-28284 Unspecified vulnerability in Mozilla Firefox
SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could have executed script in certain circumstances.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-28288 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98.
network
low complexity
mozilla CWE-787
8.8