Vulnerabilities > Mozilla > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-31745 | Improper Validation of Array Index vulnerability in Mozilla Firefox If array shift operations are not used, the Garbage Collector may have become confused about valid objects. | 4.3 |
2022-12-22 | CVE-2022-31746 | Information Exposure vulnerability in Mozilla Firefox Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. | 6.5 |
2022-12-22 | CVE-2022-34471 | Unspecified vulnerability in Mozilla Firefox When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. | 6.5 |
2022-12-22 | CVE-2022-34472 | Unspecified vulnerability in Mozilla Firefox If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. | 4.3 |
2022-12-22 | CVE-2022-34473 | Cross-site Scripting vulnerability in Mozilla Firefox The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. | 6.1 |
2022-12-22 | CVE-2022-34474 | Open Redirect vulnerability in Mozilla Firefox Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. | 6.1 |
2022-12-22 | CVE-2022-34475 | Cross-site Scripting vulnerability in Mozilla Firefox SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. | 6.1 |
2022-12-22 | CVE-2022-34478 | Unspecified vulnerability in Mozilla Firefox The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. | 6.5 |
2022-12-22 | CVE-2022-34479 | Unspecified vulnerability in Mozilla Firefox A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. | 6.5 |
2022-12-22 | CVE-2022-36314 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. | 5.5 |