CVE-2022-36316
https://notcve.org/view.php?id=CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. Al utilizar la API Performance, un atacante pudo notar diferencias sutiles entre PerformanceEntries y así saber si la URL de destino había sido objeto de una redirección. Esta vulnerabilidad afecta a Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1768583 https://www.mozilla.org/security/advisories/mfsa2022-28 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-36320
https://notcve.org/view.php?id=CVE-2022-36320
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103. Los desarrolladores de Mozilla y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 102. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1759794%2C1760998 https://www.mozilla.org/security/advisories/mfsa2022-28 • CWE-787: Out-of-bounds Write •
CVE-2021-4129 – Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
https://notcve.org/view.php?id=CVE-2021-4129
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. Los desarrolladores de Mozilla y miembros de la comunidad Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler y Masayuki Nakano informaron sobre errores de seguridad de la memoria presentes en Firefox 94. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421 https://www.mozilla.org/security/advisories/mfsa2021-52 https://www.mozilla.org/security/advisories/mfsa2021-53 https://www.mozilla.org/security/advisories/mfsa2021-54 https://access.redhat.com/security/cve/CVE-2021-4129 https://bugzilla.redhat.com/show_bug.cgi?id=2030116 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2022-22762
https://notcve.org/view.php?id=CVE-2022-22762
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743931 https://www.mozilla.org/security/advisories/mfsa2022-04 •
CVE-2022-31745
https://notcve.org/view.php?id=CVE-2022-31745
If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. Si no se utilizan operaciones de cambio de matriz, es posible que el recolector de basura se haya confundido acerca de los objetos válidos. Esta vulnerabilidad afecta a Firefox < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1760944 https://www.mozilla.org/security/advisories/mfsa2022-20 • CWE-129: Improper Validation of Array Index •