CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45407
https://notcve.org/view.php?id=CVE-2022-45407
If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107. Si un atacante cargó una fuente usando <code>FontFace()</code> en un trabajador en segundo plano, podría haberse producido un use after free, lo que habría provocado un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 107. • https://bugzilla.mozilla.org/show_bug.cgi?id=1793314 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45417
https://notcve.org/view.php?id=CVE-2022-45417
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107. Los Service Workers no detectaron correctamente el modo de navegación privada en todos los casos, lo que podría haber provocado que los Service Workers se escribieran en el disco para los sitios web visitados en el modo de navegación privada. Esto no los habría mantenido en un estado en el que se ejecutarían nuevamente, pero habría filtrado los detalles del modo de navegación privada al disco. • https://bugzilla.mozilla.org/show_bug.cgi?id=1794508 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45420 – Mozilla: Iframe contents could be rendered outside the iframe
https://notcve.org/view.php?id=CVE-2022-45420
Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Al utilizar tablas dentro de un iframe, un atacante podría haber provocado que el contenido del iframe se representara fuera de los límites del iframe, lo que provocaría una posible confusión del usuario o ataques de suplantación de identidad. Esta vulnerabilidad afecta a Firefox ESR < 102,5, Thunderbird < 102.5 y Firefox < 107. The Mozilla Foundation Security Advisory describes this flaw as: Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1792643 https://www.mozilla.org/security/advisories/mfsa2022-47 https://www.mozilla.org/security/advisories/mfsa2022-48 https://www.mozilla.org/security/advisories/mfsa2022-49 https://access.redhat.com/security/cve/CVE-2022-45420 https://bugzilla.redhat.com/show_bug.cgi?id=2143242 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3266
https://notcve.org/view.php?id=CVE-2022-3266
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Puede ocurrir una lectura fuera de los límites al decodificar video H264. Esto da como resultado un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767360 https://www.mozilla.org/security/advisories/mfsa2022-40 https://www.mozilla.org/security/advisories/mfsa2022-41 https://www.mozilla.org/security/advisories/mfsa2022-42 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42930
https://notcve.org/view.php?id=CVE-2022-42930
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. Si dos trabajadores inicializaran simultáneamente su CacheStorage, podría haberse producido una "carrera" de datos en el componente 'ThirdPartyUtil'. Esta vulnerabilidad afecta a Firefox < 106. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789503 https://www.mozilla.org/security/advisories/mfsa2022-44 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •