CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45407
https://notcve.org/view.php?id=CVE-2022-45407
If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107. Si un atacante cargó una fuente usando <code>FontFace()</code> en un trabajador en segundo plano, podría haberse producido un use after free, lo que habría provocado un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 107. • https://bugzilla.mozilla.org/show_bug.cgi?id=1793314 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-45413
https://notcve.org/view.php?id=CVE-2022-45413
Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791201 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45415
https://notcve.org/view.php?id=CVE-2022-45415
When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107. • https://bugzilla.mozilla.org/show_bug.cgi?id=1793551 https://www.mozilla.org/security/advisories/mfsa2022-47 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45417
https://notcve.org/view.php?id=CVE-2022-45417
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107. Los Service Workers no detectaron correctamente el modo de navegación privada en todos los casos, lo que podría haber provocado que los Service Workers se escribieran en el disco para los sitios web visitados en el modo de navegación privada. Esto no los habría mantenido en un estado en el que se ejecutarían nuevamente, pero habría filtrado los detalles del modo de navegación privada al disco. • https://bugzilla.mozilla.org/show_bug.cgi?id=1794508 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45419
https://notcve.org/view.php?id=CVE-2022-45419
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107. Si el usuario agregó una excepción de seguridad para un certificado TLS no válido, abrió una conexión TLS en curso con un servidor que usaba ese certificado y luego eliminó la excepción, Firefox habría mantenido viva la conexión, haciendo que pareciera que el certificado todavía era confiable. Esta vulnerabilidad afecta a Firefox < 107. • https://bugzilla.mozilla.org/show_bug.cgi?id=1716082 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-295: Improper Certificate Validation •