CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22762
https://notcve.org/view.php?id=CVE-2022-22762
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743931 https://www.mozilla.org/security/advisories/mfsa2022-04 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34471
https://notcve.org/view.php?id=CVE-2022-34471
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. Al descargar una actualización para un complemento, no se verificó que la versión de la actualización del complemento descargada coincidiera con la versión seleccionada en el manifiesto. Si el manifiesto hubiera sido manipulado en el servidor, un atacante podría engañar al navegador para que degradara el complemento a una versión anterior. • https://bugzilla.mozilla.org/show_bug.cgi?id=1766047 https://www.mozilla.org/security/advisories/mfsa2022-24 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34474
https://notcve.org/view.php?id=CVE-2022-34474
Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Incluso cuando un iframe estaba protegido con <code>allow-top-navigation-by-user-activation</code>, si recibía un encabezado de redireccionamiento a un protocolo externo, el navegador procesaría el redireccionamiento y avisaría al usuario según corresponda. Esta vulnerabilidad afecta a Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46883
https://notcve.org/view.php?id=CVE-2022-46883
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1584674%2C1791152%2C1792241%2C1792984%2C1793127%2C1794645 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34477
https://notcve.org/view.php?id=CVE-2022-34477
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. La propiedad del mensaje MediaError debe ser coherente para evitar la filtración de información sobre recursos de origen cruzado; sin embargo, para un recurso de origen cruzado del mismo sitio, el mensaje podría haber filtrado información que permitiera ataques XS-Leaks. Esta vulnerabilidad afecta a Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731614 https://www.mozilla.org/security/advisories/mfsa2022-24 •