Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-34471 Unspecified vulnerability in Mozilla Firefox
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-34472 Unspecified vulnerability in Mozilla Firefox
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-34473 Cross-site Scripting vulnerability in Mozilla Firefox
The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code>&lt;use&gt;</code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes.
network
low complexity
mozilla CWE-79
6.1
2022-12-22 CVE-2022-34474 Open Redirect vulnerability in Mozilla Firefox
Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate.
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2022-34475 Cross-site Scripting vulnerability in Mozilla Firefox
SVG <code>&lt;use&gt;</code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API.
network
low complexity
mozilla CWE-79
6.1
2022-12-22 CVE-2022-34478 Unspecified vulnerability in Mozilla Firefox
The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-34479 Unspecified vulnerability in Mozilla Firefox
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-36314 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows.
local
low complexity
mozilla CWE-427
5.5
2022-12-22 CVE-2022-36315 Unspecified vulnerability in Mozilla Firefox
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-36316 Open Redirect vulnerability in Mozilla Firefox
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect.
network
low complexity
mozilla CWE-601
6.1