CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22746
https://notcve.org/view.php?id=CVE-2022-22746
22 Dec 2022 — A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Una condición de ejecución podría haber permitido omitir la notificación de pantalla completa, lo que podría haber llevado a que una ventana falsa de pantalla completa pasara desapercibida. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735071 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22755
https://notcve.org/view.php?id=CVE-2022-22755
22 Dec 2022 — By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97. Al utilizar transformaciones XSL, un servidor web malicioso podría haber entregado a un usuario un documento XSL que continuaría ejecutando JavaScript (dentro de los límites de la política del mismo origen) incluso después de cerrar la pestaña. Esta vulnerabilidad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1309630 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40961
https://notcve.org/view.php?id=CVE-2022-40961
22 Dec 2022 — During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. Durante el inicio, un controlador de gráficos con un nombre inesperado podría provocar un desbordamiento del búfer de pila y provocar un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784588 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36314
https://notcve.org/view.php?id=CVE-2022-36314
22 Dec 2022 — When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31746
https://notcve.org/view.php?id=CVE-2022-31746
22 Dec 2022 — Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Las URL internas están protegidas por una clave UUID secreta, que podría haberse filtrado a la página web a través del encabezado Referrer. Esta vulnerabilidad afecta a Firefox para iOS < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22762
https://notcve.org/view.php?id=CVE-2022-22762
22 Dec 2022 — Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743931 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46875 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2022-46875
22 Dec 2022 — The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46883
https://notcve.org/view.php?id=CVE-2022-46883
22 Dec 2022 — Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vuln... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1584674%2C1791152%2C1792241%2C1792984%2C1793127%2C1794645 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4221
https://notcve.org/view.php?id=CVE-2021-4221
22 Dec 2022 — If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. • https://bugzilla.mozilla.org/show_bug.cgi?id=1704422 • CWE-1007: Insufficient Visual Distinction of Homoglyphs Presented to User •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22744
https://notcve.org/view.php?id=CVE-2022-22744
22 Dec 2022 — The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1737252 • CWE-116: Improper Encoding or Escaping of Output •