CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36317
https://notcve.org/view.php?id=CVE-2022-36317
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1759951 https://www.mozilla.org/security/advisories/mfsa2022-28 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36316
https://notcve.org/view.php?id=CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. Al utilizar la API Performance, un atacante pudo notar diferencias sutiles entre PerformanceEntries y así saber si la URL de destino había sido objeto de una redirección. Esta vulnerabilidad afecta a Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1768583 https://www.mozilla.org/security/advisories/mfsa2022-28 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36320
https://notcve.org/view.php?id=CVE-2022-36320
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103. Los desarrolladores de Mozilla y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 102. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1759794%2C1760998 https://www.mozilla.org/security/advisories/mfsa2022-28 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31745
https://notcve.org/view.php?id=CVE-2022-31745
If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. Si no se utilizan operaciones de cambio de matriz, es posible que el recolector de basura se haya confundido acerca de los objetos válidos. Esta vulnerabilidad afecta a Firefox < 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1760944 https://www.mozilla.org/security/advisories/mfsa2022-20 • CWE-129: Improper Validation of Array Index •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36315
https://notcve.org/view.php?id=CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103. Al cargar un script con Subresource Integrity, los atacantes con capacidad de inyección podrían desencadenar la reutilización de entradas previamente almacenadas en caché con metadatos de integridad incorrectos y diferentes. Esta vulnerabilidad afecta a Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1762520 https://www.mozilla.org/security/advisories/mfsa2022-28 •