CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31739
https://notcve.org/view.php?id=CVE-2022-31739
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Al descargar archivos en Windows, el carácter % no se escapaba, lo que podría haber provocado que una descarga se guardara incorrectamente en rutas influenciadas por el atacante que utilizaban variables como %HOMEPATH% o %APPDATA%. • https://bugzilla.mozilla.org/show_bug.cgi?id=1765049 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46875
https://notcve.org/view.php?id=CVE-2022-46875
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22746
https://notcve.org/view.php?id=CVE-2022-22746
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Una condición de ejecución podría haber permitido omitir la notificación de pantalla completa, lo que podría haber llevado a que una ventana falsa de pantalla completa pasara desapercibida. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735071 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36314
https://notcve.org/view.php?id=CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperadas desde el Sistema Operativo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 https://www.mozilla.org/security/advisories/mfsa2022-28 https://www.mozilla.org/security/advisories/mfsa2022-30 https://www.mozilla.org/security/advisories/mfsa2022-32 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22744
https://notcve.org/view.php?id=CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1737252 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 • CWE-116: Improper Encoding or Escaping of Output •