CVE-2022-31746
https://notcve.org/view.php?id=CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Las URL internas están protegidas por una clave UUID secreta, que podría haberse filtrado a la página web a través del encabezado Referrer. Esta vulnerabilidad afecta a Firefox para iOS < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 https://www.mozilla.org/security/advisories/mfsa2022-27 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-36317
https://notcve.org/view.php?id=CVE-2022-36317
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1759951 https://www.mozilla.org/security/advisories/mfsa2022-28 •
CVE-2022-46883
https://notcve.org/view.php?id=CVE-2022-46883
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1584674%2C1791152%2C1792241%2C1792984%2C1793127%2C1794645 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-787: Out-of-bounds Write •
CVE-2022-31743
https://notcve.org/view.php?id=CVE-2022-31743
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101. El analizador HTML de Firefox no interpretó correctamente las etiquetas de comentarios HTML, lo que provocó una incongruencia con otros navegadores. Esto podría haberse utilizado para escapar de los comentarios HTML en páginas que contienen datos controlados por el usuario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1747388 https://www.mozilla.org/security/advisories/mfsa2022-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-4129 – Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
https://notcve.org/view.php?id=CVE-2021-4129
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. Los desarrolladores de Mozilla y miembros de la comunidad Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler y Masayuki Nakano informaron sobre errores de seguridad de la memoria presentes en Firefox 94. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421 https://www.mozilla.org/security/advisories/mfsa2021-52 https://www.mozilla.org/security/advisories/mfsa2021-53 https://www.mozilla.org/security/advisories/mfsa2021-54 https://access.redhat.com/security/cve/CVE-2021-4129 https://bugzilla.redhat.com/show_bug.cgi?id=2030116 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •