CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22760 – Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types
https://notcve.org/view.php?id=CVE-2022-22760
14 Feb 2022 — When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Al importar recursos utilizando Web Workers, los mensajes de error distinguirían la diferencia entre respuestas application/javascript y respuestas sin script. Se podría haber abu... • https://bugzilla.mozilla.org/show_bug.cgi?id=1740985 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22737 – Mozilla: Race condition when playing audio files
https://notcve.org/view.php?id=CVE-2022-22737
13 Jan 2022 — Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. La construcción de receptores de audio podría haber provocado una condición de ejecución al reproducir archivos de audio y cerrar ventanas. Esto podría haber dado lugar a un use-after-free que provocaría un bloqueo potencialmente explotab... • https://bugzilla.mozilla.org/show_bug.cgi?id=1745874 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22738 – Mozilla: Heap-buffer-overflow in blendGaussianBlur
https://notcve.org/view.php?id=CVE-2022-22738
13 Jan 2022 — Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. La aplicación de un efecto de filtro CSS podría haber accedido a la memoria fuera de los límites. Esto podría haber provocado un desbordamiento de búfer de almacenamiento dinámico provocando un fallo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1742382 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22739 – Mozilla: Missing throttling on external protocol launch dialog
https://notcve.org/view.php?id=CVE-2022-22739
13 Jan 2022 — Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los sitios web maliciosos podrían haber engañado a los usuarios para que aceptaran iniciar un programa para manejar un protocolo URL externo. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. The Mozilla Foundation Security Advisory describes this flaw as: Malicious we... • https://bugzilla.mozilla.org/show_bug.cgi?id=1744158 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22740 – Mozilla: Use-after-free of ChannelEventQueue::mOwner
https://notcve.org/view.php?id=CVE-2022-22740
13 Jan 2022 — Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Ciertos objetos de solicitud de red se liberaron demasiado pronto al liberar un identificador de solicitud de red. Esto podría haber dado lugar a un use-after-free que provocaría un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1742334 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22741 – Mozilla: Browser window spoof using fullscreen mode
https://notcve.org/view.php?id=CVE-2022-22741
13 Jan 2022 — When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al cambiar el tamaño de una ventana emergente mientras se solicita acceso a pantalla completa, la ventana emergente no podría salir del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1740389 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22742 – Mozilla: Out-of-bounds memory access when inserting text in edit mode
https://notcve.org/view.php?id=CVE-2022-22742
13 Jan 2022 — When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al insertar texto en el modo de edición, es posible que algunos caracteres hayan provocado un acceso a la memoria fuera de los límites, lo que provocó un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A... • https://bugzilla.mozilla.org/show_bug.cgi?id=1739923 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22743 – Mozilla: Browser window spoof using fullscreen mode
https://notcve.org/view.php?id=CVE-2022-22743
13 Jan 2022 — When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al navegar desde dentro de un iframe mientras se solicita acceso a pantalla completa, una pestaña controlada por un atacante podría haber impedido que el navegador saliera del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox &l... • https://bugzilla.mozilla.org/show_bug.cgi?id=1739220 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22745 – Mozilla: Leaking cross-origin URLs through securitypolicyviolation event
https://notcve.org/view.php?id=CVE-2022-22745
13 Jan 2022 — Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los eventos de violación de la política de seguridad podrían haber filtrado información de origen cruzado sobre violaciones de los ancestros del frame. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735856 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22747 – Mozilla: Crash when handling empty pkcs7 sequence
https://notcve.org/view.php?id=CVE-2022-22747
13 Jan 2022 — After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Después de aceptar un certificado que no es de confianza, manejar una secuencia pkcs7 vacía como parte de los datos del certificado podría haber provocado un bloqueo. Se cree que este accidente no es explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •