CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34476
https://notcve.org/view.php?id=CVE-2022-34476
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. El análisis ASN.1 de una SECUENCIA indefinida dentro de un GRUPO indefinido podría haber dado como resultado que el analizador aceptara ASN.1 con formato incorrecto. Esta vulnerabilidad afecta a Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1387919 https://www.mozilla.org/security/advisories/mfsa2022-24 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36314
https://notcve.org/view.php?id=CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperadas desde el Sistema Operativo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 https://www.mozilla.org/security/advisories/mfsa2022-28 https://www.mozilla.org/security/advisories/mfsa2022-30 https://www.mozilla.org/security/advisories/mfsa2022-32 • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22749
https://notcve.org/view.php?id=CVE-2022-22749
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al escanear códigos QR, Firefox para Android habría permitido la navegación a algunas URL que no apuntan al contenido web. • https://bugzilla.mozilla.org/show_bug.cgi?id=1705094 https://www.mozilla.org/security/advisories/mfsa2022-01 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34485
https://notcve.org/view.php?id=CVE-2022-34485
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102. Los desarrolladores de Mozilla, Bryce Seager van Dyk y Mozilla Fuzzing Team, informaron sobre posibles vulnerabilidades presentes en Firefox 101. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1768409%2C1768578 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4128
https://notcve.org/view.php?id=CVE-2021-4128
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. Al entrar y salir del modo de pantalla completa, un objeto gráfico no estaba protegido correctamente; lo que resulta en daños en la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735852 https://www.mozilla.org/security/advisories/mfsa2021-52 • CWE-416: Use After Free •