Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40961 | 2 Google, Mozilla | 2 Android, Firefox | 2023-01-03 | N/A | 6.5 MEDIUM |
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. | |||||
CVE-2022-36317 | 2 Google, Mozilla | 2 Android, Firefox | 2023-01-03 | N/A | 6.5 MEDIUM |
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. | |||||
CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 6.1 MEDIUM |
Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. | |||||
CVE-2022-29910 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 6.1 MEDIUM |
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100. | |||||
CVE-2022-22762 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 4.3 MEDIUM |
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-29 | N/A | 8.8 HIGH |
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
CVE-2022-1529 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2022-12-29 | N/A | 8.8 HIGH |
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | |||||
CVE-2022-1802 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2022-12-29 | N/A | 8.8 HIGH |
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | |||||
CVE-2021-4221 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-23 | N/A | 4.3 MEDIUM |
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92. | |||||
CVE-2022-42534 | 1 Google | 1 Android | 2022-12-21 | N/A | 7.8 HIGH |
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A | |||||
CVE-2022-42532 | 1 Google | 1 Android | 2022-12-21 | N/A | 4.4 MEDIUM |
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A | |||||
CVE-2022-42529 | 1 Google | 1 Android | 2022-12-21 | N/A | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A | |||||
CVE-2022-42531 | 1 Google | 1 Android | 2022-12-21 | N/A | 7.8 HIGH |
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A | |||||
CVE-2022-42530 | 1 Google | 1 Android | 2022-12-21 | N/A | 4.4 MEDIUM |
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A | |||||
CVE-2022-42544 | 1 Google | 1 Android | 2022-12-21 | N/A | 7.8 HIGH |
In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390 | |||||
CVE-2022-42543 | 1 Google | 1 Android | 2022-12-21 | N/A | 4.4 MEDIUM |
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A | |||||
CVE-2022-42542 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184 | |||||
CVE-2022-42535 | 1 Google | 1 Android | 2022-12-21 | N/A | 5.5 MEDIUM |
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183 | |||||
CVE-2022-42501 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A | |||||
CVE-2022-42502 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A |