Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-2200 | Unspecified vulnerability in Mozilla Firefox If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. | 8.8 |
| 2022-12-22 | CVE-2022-2505 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. | 8.8 |
| 2022-12-22 | CVE-2022-31739 | Unspecified vulnerability in Mozilla Firefox When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. | 8.8 |
| 2022-12-22 | CVE-2022-31740 | Unspecified vulnerability in Mozilla Firefox ESR On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-31741 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. | 8.8 |
| 2022-12-22 | CVE-2022-34468 | Unspecified vulnerability in Mozilla Firefox An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. | 8.8 |
| 2022-12-22 | CVE-2022-34469 | Improper Certificate Validation vulnerability in Mozilla Firefox When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. | 8.1 |
| 2022-12-22 | CVE-2022-34477 | Unspecified vulnerability in Mozilla Firefox The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. | 7.5 |
| 2022-12-22 | CVE-2022-34480 | Access of Uninitialized Pointer vulnerability in Mozilla Firefox Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. | 8.8 |
| 2022-12-22 | CVE-2022-34481 | Integer Overflow or Wraparound vulnerability in Mozilla Firefox In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. | 8.8 |