CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1887
https://notcve.org/view.php?id=CVE-2022-1887
22 Dec 2022 — The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. El término de búsqueda podría haberse especificado externamente para activar la inyección SQL. Esta vulnerabilidad afecta a Firefox para iOS < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767205 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46883
https://notcve.org/view.php?id=CVE-2022-46883
22 Dec 2022 — Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vuln... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1584674%2C1791152%2C1792241%2C1792984%2C1793127%2C1794645 • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22749
https://notcve.org/view.php?id=CVE-2022-22749
22 Dec 2022 — When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al escanear códigos QR, Firefox para Android habría permitido la navegación a algunas URL que no apuntan al contenido web. • https://bugzilla.mozilla.org/show_bug.cgi?id=1705094 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31746
https://notcve.org/view.php?id=CVE-2022-31746
22 Dec 2022 — Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Las URL internas están protegidas por una clave UUID secreta, que podría haberse filtrado a la página web a través del encabezado Referrer. Esta vulnerabilidad afecta a Firefox para iOS < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36314
https://notcve.org/view.php?id=CVE-2022-36314
22 Dec 2022 — When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31743
https://notcve.org/view.php?id=CVE-2022-31743
22 Dec 2022 — Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101. El analizador HTML de Firefox no interpretó correctamente las etiquetas de comentarios HTML, lo que provocó una incongruencia con otros navegadores. Esto podría haberse utilizado para escapar de los comentarios HTML en páginas que contienen datos control... • https://bugzilla.mozilla.org/show_bug.cgi?id=1747388 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40961
https://notcve.org/view.php?id=CVE-2022-40961
22 Dec 2022 — During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. Durante el inicio, un controlador de gráficos con un nombre inesperado podría provocar un desbordamiento del búfer de pila y provocar un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784588 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22750
https://notcve.org/view.php?id=CVE-2022-22750
22 Dec 2022 — By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.
*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al aceptar y pasar identificadores de recursos en general entre procesos, un proceso de contenido comprometido podría haber confundido proceso... • https://bugzilla.mozilla.org/show_bug.cgi?id=1566608 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4221
https://notcve.org/view.php?id=CVE-2021-4221
22 Dec 2022 — If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. • https://bugzilla.mozilla.org/show_bug.cgi?id=1704422 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31745
https://notcve.org/view.php?id=CVE-2022-31745
22 Dec 2022 — If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. Si no se utilizan operaciones de cambio de matriz, es posible que el recolector de basura se haya confundido acerca de los objetos válidos. Esta vulnerabilidad afecta a Firefox < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1760944 • CWE-129: Improper Validation of Array Index •