Page 48 of 2526 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-46873

https://notcve.org/view.php?id=CVE-2022-46873

Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108. • https://bugzilla.mozilla.org/show_bug.cgi?id=1644790 https://security.gentoo.org/glsa/202305-06 https://www.mozilla.org/security/advisories/mfsa2022-51 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-46879

https://notcve.org/view.php?id=CVE-2022-46879

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736224%2C1793407%2C1794249%2C1795845%2C1797682%2C1797720%2C1798494%2C1799479 https://security.gentoo.org/glsa/202305-06 https://www.mozilla.org/security/advisories/mfsa2022-51 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46871 – Mozilla: libusrsctp library out of date

https://notcve.org/view.php?id=CVE-2022-46871

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795697 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46871 • CWE-1104: Use of Unmaintained Third Party Components •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46877 – Mozilla: Fullscreen notification bypass

https://notcve.org/view.php?id=CVE-2022-46877

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795139 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46877 • CWE-357: Insufficient UI Warning of Dangerous Operations •

CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-46872 – Mozilla: Arbitrary file read from a compromised content process

https://notcve.org/view.php?id=CVE-2022-46872

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. *This bug only affects Firefox for Linux. • https://bugzilla.mozilla.org/show_bug.cgi?id=1799156 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 https://access.redhat.com/security/cve/CVE-2022-46872 https://bugzilla.redhat.com/show_bug.cgi?id=2153441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •