CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1887
https://notcve.org/view.php?id=CVE-2022-1887
22 Dec 2022 — The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. El término de búsqueda podría haberse especificado externamente para activar la inyección SQL. Esta vulnerabilidad afecta a Firefox para iOS < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767205 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46883
https://notcve.org/view.php?id=CVE-2022-46883
22 Dec 2022 — Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vuln... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1584674%2C1791152%2C1792241%2C1792984%2C1793127%2C1794645 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46885
https://notcve.org/view.php?id=CVE-2022-46885
22 Dec 2022 — Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106. Los desarrolladores de Mozilla, Timothy Nikkel, Ashley Hale y Mozilla Fuzzing Team, informaron sobre errores de seguridad de la memoria presentes en Firefox 105. Algunos de estos erro... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1786818%2C1789729%2C1791363%2C1792041 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46875 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2022-46875
22 Dec 2022 — The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22746
https://notcve.org/view.php?id=CVE-2022-22746
22 Dec 2022 — A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Una condición de ejecución podría haber permitido omitir la notificación de pantalla completa, lo que podría haber llevado a que una ventana falsa de pantalla completa pasara desapercibida. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735071 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22749
https://notcve.org/view.php?id=CVE-2022-22749
22 Dec 2022 — When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al escanear códigos QR, Firefox para Android habría permitido la navegación a algunas URL que no apuntan al contenido web. • https://bugzilla.mozilla.org/show_bug.cgi?id=1705094 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22750
https://notcve.org/view.php?id=CVE-2022-22750
22 Dec 2022 — By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.
*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al aceptar y pasar identificadores de recursos en general entre procesos, un proceso de contenido comprometido podría haber confundido proceso... • https://bugzilla.mozilla.org/show_bug.cgi?id=1566608 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-22753
https://notcve.org/view.php?id=CVE-2022-22753
22 Dec 2022 — A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1732435 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22755
https://notcve.org/view.php?id=CVE-2022-22755
22 Dec 2022 — By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97. Al utilizar transformaciones XSL, un servidor web malicioso podría haber entregado a un usuario un documento XSL que continuaría ejecutando JavaScript (dentro de los límites de la política del mismo origen) incluso después de cerrar la pestaña. Esta vulnerabilidad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1309630 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22758
https://notcve.org/view.php?id=CVE-2022-22758
22 Dec 2022 — When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1728742 • CWE-319: Cleartext Transmission of Sensitive Information •