CVE-2021-4221
https://notcve.org/view.php?id=CVE-2021-4221
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. • https://bugzilla.mozilla.org/show_bug.cgi?id=1704422 https://www.mozilla.org/security/advisories/mfsa2021-38 •
CVE-2022-34475
https://notcve.org/view.php?id=CVE-2022-34475
SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102. Las etiquetas SVG <code></code> que hacían referencia a un documento del mismo origen podrían haber dado lugar a la ejecución de un script si la entrada del atacante se hubiera sanitizado a través de la API HTML Sanitizer. Esto habría requerido que el atacante hiciera referencia a un archivo JavaScript del mismo origen que contenía el script a ejecutar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1757210 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-34469
https://notcve.org/view.php?id=CVE-2022-34469
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1721220 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-295: Improper Certificate Validation •
CVE-2022-40961
https://notcve.org/view.php?id=CVE-2022-40961
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. Durante el inicio, un controlador de gráficos con un nombre inesperado podría provocar un desbordamiento del búfer de pila y provocar un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784588 https://www.mozilla.org/security/advisories/mfsa2022-40 • CWE-787: Out-of-bounds Write •
CVE-2022-46875
https://notcve.org/view.php?id=CVE-2022-46875
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 •