Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2708 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-12-22 | CVE-2022-1529 | An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2022-12-22 | CVE-2022-1802 | If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2022-12-22 | CVE-2022-1887 | The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | Firefox | 9.8 | ||
| 2022-12-22 | CVE-2022-22737 | Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | Firefox, Firefox_esr, Thunderbird | 7.5 | ||
| 2022-12-22 | CVE-2022-22736 | If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. | Firefox | 7.0 | ||
| 2022-12-22 | CVE-2022-22738 | Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2022-12-22 | CVE-2022-22739 | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2022-12-22 | CVE-2022-22740 | Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2022-12-22 | CVE-2022-22741 | When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | Firefox, Firefox_esr, Thunderbird | 7.5 | ||
| 2022-12-22 | CVE-2022-22742 | When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | Firefox, Firefox_esr, Thunderbird | 6.5 |