CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4128
https://notcve.org/view.php?id=CVE-2021-4128
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. Al entrar y salir del modo de pantalla completa, un objeto gráfico no estaba protegido correctamente; lo que resulta en daños en la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735852 https://www.mozilla.org/security/advisories/mfsa2021-52 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36315
https://notcve.org/view.php?id=CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103. Al cargar un script con Subresource Integrity, los atacantes con capacidad de inyección podrían desencadenar la reutilización de entradas previamente almacenadas en caché con metadatos de integridad incorrectos y diferentes. Esta vulnerabilidad afecta a Firefox < 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1762520 https://www.mozilla.org/security/advisories/mfsa2022-28 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22758
https://notcve.org/view.php?id=CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1728742 https://www.mozilla.org/security/advisories/mfsa2022-04 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31739
https://notcve.org/view.php?id=CVE-2022-31739
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Al descargar archivos en Windows, el carácter % no se escapaba, lo que podría haber provocado que una descarga se guardara incorrectamente en rutas influenciadas por el atacante que utilizaban variables como %HOMEPATH% o %APPDATA%. • https://bugzilla.mozilla.org/show_bug.cgi?id=1765049 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0517
https://notcve.org/view.php?id=CVE-2022-0517
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1. Mozilla VPN puede cargar un archivo de configuración OpenSSL desde un directorio no seguro. Un usuario o atacante con privilegios limitados podría aprovechar esto para ejecutar código arbitrario con privilegios de SYSTEM. • https://bugzilla.mozilla.org/show_bug.cgi?id=1752291 https://www.mozilla.org/security/advisories/mfsa2022-08 • CWE-434: Unrestricted Upload of File with Dangerous Type •