CVE-2022-46882 – Mozilla: Use-after-free in WebGL
https://notcve.org/view.php?id=CVE-2022-46882
This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789371 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-47 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 https://access.redhat.com/security/cve/CVE-2022-46882 https://bugzilla.redhat.com/show_bug.cgi?id=2153467 • CWE-416: Use After Free •
CVE-2022-4291 – Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption
https://notcve.org/view.php?id=CVE-2022-4291
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. La librería aswjsflt.dll de las ventanas de Avast Antivirus contenía una vulnerabilidad de corrupción de montón potencialmente explotable que podría permitir a un atacante omitir la sandbox de la aplicación en la que se cargó, si corresponde. Este problema se solucionó en la versión 18.0.1478 del componente Script Shield. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-45406 – Mozilla: Use-after-free of a JavaScript Realm
https://notcve.org/view.php?id=CVE-2022-45406
This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791975 https://www.mozilla.org/security/advisories/mfsa2022-47 https://www.mozilla.org/security/advisories/mfsa2022-48 https://www.mozilla.org/security/advisories/mfsa2022-49 https://access.redhat.com/security/cve/CVE-2022-45406 https://bugzilla.redhat.com/show_bug.cgi?id=2143200 • CWE-416: Use After Free •
CVE-2022-34470 – Mozilla: Use-after-free in nsSHistory
https://notcve.org/view.php?id=CVE-2022-34470
This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. ... Esta vulnerabilidad afecta a Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102 y Thunderbird < 91.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1765951 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34470 https://bugzilla.redhat.com/show_bug.cgi?id=2102162 • CWE-416: Use After Free •
CVE-2022-31736 – Mozilla: Cross-Origin resource's length leaked
https://notcve.org/view.php?id=CVE-2022-31736
This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. ... Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735923 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31736 https://bugzilla.redhat.com/show_bug.cgi?id=2092018 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •