Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-26383 Unspecified vulnerability in Mozilla Firefox
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-26385 Use After Free vulnerability in Mozilla Firefox
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-26386 Unspecified vulnerability in Mozilla Firefox ESR
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-28282 Use After Free vulnerability in Mozilla Firefox ESR
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-28283 Unspecified vulnerability in Mozilla Firefox
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-28285 Out-of-bounds Read vulnerability in Mozilla Firefox ESR
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used.
network
low complexity
mozilla CWE-125
6.5
2022-12-22 CVE-2022-28286 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR
Due to a layout change, iframe contents could have been rendered outside of its border.
network
low complexity
mozilla CWE-1021
5.4
2022-12-22 CVE-2022-28287 Unspecified vulnerability in Mozilla Firefox
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-29910 Open Redirect vulnerability in Mozilla Firefox
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android.
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2022-29911 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present.
network
low complexity
mozilla CWE-1021
6.1