CVE-2022-36314
https://notcve.org/view.php?id=CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperadas desde el Sistema Operativo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 https://www.mozilla.org/security/advisories/mfsa2022-28 https://www.mozilla.org/security/advisories/mfsa2022-30 https://www.mozilla.org/security/advisories/mfsa2022-32 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-22744
https://notcve.org/view.php?id=CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1737252 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 • CWE-116: Improper Encoding or Escaping of Output •
CVE-2022-22750
https://notcve.org/view.php?id=CVE-2022-22750
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.<br>*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al aceptar y pasar identificadores de recursos en general entre procesos, un proceso de contenido comprometido podría haber confundido procesos con mayores privilegios para interactuar con identificadores a los que el proceso sin privilegios no debería tener acceso. • https://bugzilla.mozilla.org/show_bug.cgi?id=1566608 https://www.mozilla.org/security/advisories/mfsa2022-01 •
CVE-2022-31746
https://notcve.org/view.php?id=CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Las URL internas están protegidas por una clave UUID secreta, que podría haberse filtrado a la página web a través del encabezado Referrer. Esta vulnerabilidad afecta a Firefox para iOS < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 https://www.mozilla.org/security/advisories/mfsa2022-27 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-36317
https://notcve.org/view.php?id=CVE-2022-36317
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1759951 https://www.mozilla.org/security/advisories/mfsa2022-28 •