Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-40956 Cross-site Scripting vulnerability in Mozilla Thunderbird
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead.
network
low complexity
mozilla CWE-79
6.1
2022-12-22 CVE-2022-40957 Unspecified vulnerability in Mozilla Thunderbird
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-40958 Injection vulnerability in Mozilla Thunderbird
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks.
network
low complexity
mozilla CWE-74
6.5
2022-12-22 CVE-2022-40959 Insecure Storage of Sensitive Information vulnerability in Mozilla Thunderbird
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments.
network
low complexity
mozilla CWE-922
6.5
2022-12-22 CVE-2022-40960 Use After Free vulnerability in Mozilla Thunderbird
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-40961 Out-of-bounds Write vulnerability in Mozilla Firefox
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android.
network
low complexity
mozilla CWE-787
6.5
2022-12-22 CVE-2022-42929 Unspecified vulnerability in Mozilla Firefox
If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-45403 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file.
network
low complexity
mozilla CWE-203
6.5
2022-12-22 CVE-2022-45404 Unspecified vulnerability in Mozilla Firefox
Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-45405 Use After Free vulnerability in Mozilla Firefox
Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5