CVE-2022-34476
https://notcve.org/view.php?id=CVE-2022-34476
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. El análisis ASN.1 de una SECUENCIA indefinida dentro de un GRUPO indefinido podría haber dado como resultado que el analizador aceptara ASN.1 con formato incorrecto. Esta vulnerabilidad afecta a Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1387919 https://www.mozilla.org/security/advisories/mfsa2022-24 •
CVE-2022-36314
https://notcve.org/view.php?id=CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperadas desde el Sistema Operativo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 https://www.mozilla.org/security/advisories/mfsa2022-28 https://www.mozilla.org/security/advisories/mfsa2022-30 https://www.mozilla.org/security/advisories/mfsa2022-32 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-22749
https://notcve.org/view.php?id=CVE-2022-22749
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al escanear códigos QR, Firefox para Android habría permitido la navegación a algunas URL que no apuntan al contenido web. • https://bugzilla.mozilla.org/show_bug.cgi?id=1705094 https://www.mozilla.org/security/advisories/mfsa2022-01 •
CVE-2021-4128
https://notcve.org/view.php?id=CVE-2021-4128
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. Al entrar y salir del modo de pantalla completa, un objeto gráfico no estaba protegido correctamente; lo que resulta en daños en la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735852 https://www.mozilla.org/security/advisories/mfsa2021-52 • CWE-416: Use After Free •
CVE-2022-1887
https://notcve.org/view.php?id=CVE-2022-1887
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. El término de búsqueda podría haberse especificado externamente para activar la inyección SQL. Esta vulnerabilidad afecta a Firefox para iOS < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767205 https://www.mozilla.org/security/advisories/mfsa2022-23 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •