CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1887
https://notcve.org/view.php?id=CVE-2022-1887
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. El término de búsqueda podría haberse especificado externamente para activar la inyección SQL. Esta vulnerabilidad afecta a Firefox para iOS < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767205 https://www.mozilla.org/security/advisories/mfsa2022-23 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34474
https://notcve.org/view.php?id=CVE-2022-34474
Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Incluso cuando un iframe estaba protegido con <code>allow-top-navigation-by-user-activation</code>, si recibía un encabezado de redireccionamiento a un protocolo externo, el navegador procesaría el redireccionamiento y avisaría al usuario según corresponda. Esta vulnerabilidad afecta a Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46875
https://notcve.org/view.php?id=CVE-2022-46875
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-22753
https://notcve.org/view.php?id=CVE-2022-22753
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1732435 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40961
https://notcve.org/view.php?id=CVE-2022-40961
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. Durante el inicio, un controlador de gráficos con un nombre inesperado podría provocar un desbordamiento del búfer de pila y provocar un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784588 https://www.mozilla.org/security/advisories/mfsa2022-40 • CWE-787: Out-of-bounds Write •