Vulnerabilities > Mozilla > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-36315 | Unspecified vulnerability in Mozilla Firefox When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. | 4.3 |
2022-12-22 | CVE-2022-36316 | Open Redirect vulnerability in Mozilla Firefox When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. | 6.1 |
2022-12-22 | CVE-2022-36317 | Unspecified vulnerability in Mozilla Firefox When visiting a website with an overly long URL, the user interface would start to hang. | 6.5 |
2022-12-22 | CVE-2022-36318 | Race Condition vulnerability in Mozilla Thunderbird When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. | 5.3 |
2022-12-22 | CVE-2022-38472 | Origin Validation Error vulnerability in Mozilla Thunderbird An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. | 6.5 |
2022-12-22 | CVE-2022-38474 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox A website that had permission to access the microphone could record audio without the audio notification being shown. | 4.3 |
2022-12-22 | CVE-2022-38475 | Incorrect Authorization vulnerability in Mozilla Firefox An attacker could have written a value to the first element in a zero-length JavaScript array. | 6.5 |
2022-12-22 | CVE-2022-3032 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Thunderbird When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. | 6.5 |
2022-12-22 | CVE-2022-3034 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. | 4.3 |
2022-12-22 | CVE-2022-3266 | Out-of-bounds Read vulnerability in Mozilla Thunderbird An out-of-bounds read can occur when decoding H264 video. | 5.5 |