CVE-2022-22762
https://notcve.org/view.php?id=CVE-2022-22762
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743931 https://www.mozilla.org/security/advisories/mfsa2022-04 •
CVE-2022-34471
https://notcve.org/view.php?id=CVE-2022-34471
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. Al descargar una actualización para un complemento, no se verificó que la versión de la actualización del complemento descargada coincidiera con la versión seleccionada en el manifiesto. Si el manifiesto hubiera sido manipulado en el servidor, un atacante podría engañar al navegador para que degradara el complemento a una versión anterior. • https://bugzilla.mozilla.org/show_bug.cgi?id=1766047 https://www.mozilla.org/security/advisories/mfsa2022-24 •
CVE-2022-34476
https://notcve.org/view.php?id=CVE-2022-34476
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. El análisis ASN.1 de una SECUENCIA indefinida dentro de un GRUPO indefinido podría haber dado como resultado que el analizador aceptara ASN.1 con formato incorrecto. Esta vulnerabilidad afecta a Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1387919 https://www.mozilla.org/security/advisories/mfsa2022-24 •
CVE-2022-31748
https://notcve.org/view.php?id=CVE-2022-31748
Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. Los desarrolladores de Mozilla Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 100. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1713773%2C1762201%2C1762469%2C1762770%2C1764878%2C1765226%2C1765782%2C1765973%2C1767177%2C1767181%2C1768232%2C1768251%2C1769869 https://www.mozilla.org/security/advisories/mfsa2022-20 •
CVE-2022-46873
https://notcve.org/view.php?id=CVE-2022-46873
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108. • https://bugzilla.mozilla.org/show_bug.cgi?id=1644790 https://security.gentoo.org/glsa/202305-06 https://www.mozilla.org/security/advisories/mfsa2022-51 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •