CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22736
https://notcve.org/view.php?id=CVE-2022-22736
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. • https://bugzilla.mozilla.org/show_bug.cgi?id=1742692 https://www.mozilla.org/security/advisories/mfsa2022-01 • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31745
https://notcve.org/view.php?id=CVE-2022-31745
If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. Si no se utilizan operaciones de cambio de matriz, es posible que el recolector de basura se haya confundido acerca de los objetos válidos. Esta vulnerabilidad afecta a Firefox < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1760944 https://www.mozilla.org/security/advisories/mfsa2022-20 • CWE-129: Improper Validation of Array Index •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34478
https://notcve.org/view.php?id=CVE-2022-34478
The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773717 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34477
https://notcve.org/view.php?id=CVE-2022-34477
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. La propiedad del mensaje MediaError debe ser coherente para evitar la filtración de información sobre recursos de origen cruzado; sin embargo, para un recurso de origen cruzado del mismo sitio, el mensaje podría haber filtrado información que permitiera ataques XS-Leaks. Esta vulnerabilidad afecta a Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731614 https://www.mozilla.org/security/advisories/mfsa2022-24 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31746
https://notcve.org/view.php?id=CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Las URL internas están protegidas por una clave UUID secreta, que podría haberse filtrado a la página web a través del encabezado Referrer. Esta vulnerabilidad afecta a Firefox para iOS < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 https://www.mozilla.org/security/advisories/mfsa2022-27 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •