
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

22 Dec 2022 — When transitioning in and out of fullscreen mode, a graphics object was not correctly protected, resulting in memory corruption and a potentially exploitable crash. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 95. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735852 • CWE-416: Use After Free •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

22 Dec 2022 — When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=1765049 •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Dec 2022 — Internal URLs are protected by a secret UUID key, which could have been leaked to a web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

22 Dec 2022 — When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Dec 2022 — When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1759951 •

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Dec 2022 — An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795697 • CWE-1104: Use of Unmaintained Third Party Components •

CVSS: 8.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Dec 2022 — An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.
*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipbo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1799156 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Dec 2022 — Because Firefox did not implement the `unsafe-hashes` CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108. USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1644790 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Dec 2022 — A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code.
*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and... • https://bugzilla.mozilla.org/show_bug.cgi?id=1746139 • CWE-222: Truncation of Security-relevant Information •

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Dec 2022 — By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795139 • CWE-357: Insufficient UI Warning of Dangerous Operations •