CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46885
https://notcve.org/view.php?id=CVE-2022-46885
Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106. Los desarrolladores de Mozilla, Timothy Nikkel, Ashley Hale y Mozilla Fuzzing Team, informaron sobre errores de seguridad de la memoria presentes en Firefox 105. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1786818%2C1789729%2C1791363%2C1792041 https://www.mozilla.org/security/advisories/mfsa2022-44 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4221
https://notcve.org/view.php?id=CVE-2021-4221
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. • https://bugzilla.mozilla.org/show_bug.cgi?id=1704422 https://www.mozilla.org/security/advisories/mfsa2021-38 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46883
https://notcve.org/view.php?id=CVE-2022-46883
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1584674%2C1791152%2C1792241%2C1792984%2C1793127%2C1794645 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29910
https://notcve.org/view.php?id=CVE-2022-29910
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100. Cuando se cerraba o se enviaba a segundo plano, Firefox para Android no registraba ni conservaba correctamente la configuración HSTS. • https://bugzilla.mozilla.org/show_bug.cgi?id=1757138 https://www.mozilla.org/security/advisories/mfsa2022-16 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31746
https://notcve.org/view.php?id=CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Las URL internas están protegidas por una clave UUID secreta, que podría haberse filtrado a la página web a través del encabezado Referrer. Esta vulnerabilidad afecta a Firefox para iOS < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 https://www.mozilla.org/security/advisories/mfsa2022-27 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •