Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-36315 Unspecified vulnerability in Mozilla Firefox
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-36316 Open Redirect vulnerability in Mozilla Firefox
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect.
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2022-36317 Unspecified vulnerability in Mozilla Firefox
When visiting a website with an overly long URL, the user interface would start to hang.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-36318 Race Condition vulnerability in Mozilla Thunderbird
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected.
network
high complexity
mozilla CWE-362
5.3
2022-12-22 CVE-2022-38472 Origin Validation Error vulnerability in Mozilla Thunderbird
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar.
network
low complexity
mozilla CWE-346
6.5
2022-12-22 CVE-2022-38474 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox
A website that had permission to access the microphone could record audio without the audio notification being shown.
network
low complexity
mozilla CWE-668
4.3
2022-12-22 CVE-2022-38475 Incorrect Authorization vulnerability in Mozilla Firefox
An attacker could have written a value to the first element in a zero-length JavaScript array.
network
low complexity
mozilla CWE-863
6.5
2022-12-22 CVE-2022-3032 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Thunderbird
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked.
network
low complexity
mozilla CWE-610
6.5
2022-12-22 CVE-2022-3034 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent.
network
low complexity
mozilla CWE-1021
4.3
2022-12-22 CVE-2022-3266 Out-of-bounds Read vulnerability in Mozilla Thunderbird
An out-of-bounds read can occur when decoding H264 video.
local
low complexity
mozilla CWE-125
5.5