Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-46883 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. | 8.8 |
| 2022-12-22 | CVE-2022-46885 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. | 8.8 |
| 2022-11-19 | CVE-2022-4066 | Improper Resource Shutdown or Release vulnerability in multiple products A vulnerability was found in davidmoreno onion. | 8.2 |
| 2022-10-14 | CVE-2022-3479 | Unspecified vulnerability in Mozilla Network Security Services 3.77 A vulnerability found in nss. | 7.5 |
| 2022-05-05 | CVE-2022-29167 | Unspecified vulnerability in Mozilla Hawk Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. | 7.5 |
| 2021-12-08 | CVE-2021-38504 | Use After Free vulnerability in multiple products When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-12-08 | CVE-2021-38510 | Unspecified vulnerability in Mozilla Firefox The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. | 8.8 |
| 2021-12-08 | CVE-2021-43534 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. | 8.8 |
| 2021-12-08 | CVE-2021-43535 | Use After Free vulnerability in multiple products A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-12-08 | CVE-2021-43537 | Incorrect Type Conversion or Cast vulnerability in multiple products An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. | 8.8 |