CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22755
https://notcve.org/view.php?id=CVE-2022-22755
22 Dec 2022 — By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97. Al utilizar transformaciones XSL, un servidor web malicioso podría haber entregado a un usuario un documento XSL que continuaría ejecutando JavaScript (dentro de los límites de la política del mismo origen) incluso después de cerrar la pestaña. Esta vulnerabilidad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1309630 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40961
https://notcve.org/view.php?id=CVE-2022-40961
22 Dec 2022 — During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. Durante el inicio, un controlador de gráficos con un nombre inesperado podría provocar un desbordamiento del búfer de pila y provocar un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784588 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36314
https://notcve.org/view.php?id=CVE-2022-36314
22 Dec 2022 — When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22744
https://notcve.org/view.php?id=CVE-2022-22744
22 Dec 2022 — The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1737252 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22758
https://notcve.org/view.php?id=CVE-2022-22758
22 Dec 2022 — When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1728742 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46871 – Mozilla: libusrsctp library out of date
https://notcve.org/view.php?id=CVE-2022-46871
15 Dec 2022 — An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795697 • CWE-1104: Use of Unmaintained Third Party Components •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46879 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2022-46879
15 Dec 2022 — Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736224%2C1793407%2C1794249%2C1795845%2C1797682%2C1797720%2C1798494%2C1799479 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46873 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2022-46873
15 Dec 2022 — Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108. USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1644790 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46878 – Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
https://notcve.org/view.php?id=CVE-2022-46878
15 Dec 2022 — Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Randell Jesup, Valentin Gosu, Oll... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1782219%2C1797370%2C1797685%2C1801102%2C1801315%2C1802395 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46882 – Mozilla: Use-after-free in WebGL
https://notcve.org/view.php?id=CVE-2022-46882
15 Dec 2022 — A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free in WebGL extensions could have led to a potentially exploitable crash. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit t... • https://bugzilla.mozilla.org/show_bug.cgi?id=1789371 • CWE-416: Use After Free •