Vulnerabilities > Mozilla > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-45412 | Link Following vulnerability in Mozilla Firefox When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. | 8.8 |
2022-12-22 | CVE-2022-45414 | Unspecified vulnerability in Mozilla Thunderbird If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. | 8.1 |
2022-12-22 | CVE-2022-45415 | Unspecified vulnerability in Mozilla Firefox When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. | 7.8 |
2022-12-22 | CVE-2022-45421 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. | 8.8 |
2022-12-22 | CVE-2022-46871 | An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. | 8.8 |
2022-12-22 | CVE-2022-46872 | Unspecified vulnerability in Mozilla Firefox An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. | 8.6 |
2022-12-22 | CVE-2022-46873 | Injection vulnerability in Mozilla Firefox Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. | 8.8 |
2022-12-22 | CVE-2022-46874 | Unspecified vulnerability in Mozilla Firefox A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. | 8.8 |
2022-12-22 | CVE-2022-46878 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. | 8.8 |
2022-12-22 | CVE-2022-46879 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. | 8.8 |