CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34469
https://notcve.org/view.php?id=CVE-2022-34469
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1721220 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40961
https://notcve.org/view.php?id=CVE-2022-40961
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. Durante el inicio, un controlador de gráficos con un nombre inesperado podría provocar un desbordamiento del búfer de pila y provocar un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784588 https://www.mozilla.org/security/advisories/mfsa2022-40 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46875
https://notcve.org/view.php?id=CVE-2022-46875
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34483
https://notcve.org/view.php?id=CVE-2022-34483
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1335845 https://www.mozilla.org/security/advisories/mfsa2022-24 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36316
https://notcve.org/view.php?id=CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. Al utilizar la API Performance, un atacante pudo notar diferencias sutiles entre PerformanceEntries y así saber si la URL de destino había sido objeto de una redirección. Esta vulnerabilidad afecta a Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1768583 https://www.mozilla.org/security/advisories/mfsa2022-28 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •