Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36316 | 1 Mozilla | 1 Firefox | 2023-01-03 | N/A | 6.1 MEDIUM |
| When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | |||||
| CVE-2022-40957 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 6.5 MEDIUM |
| Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
| CVE-2022-40958 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 6.5 MEDIUM |
| By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
| CVE-2022-40959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 6.5 MEDIUM |
| During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
| CVE-2022-40960 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 6.5 MEDIUM |
| Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
| CVE-2022-40961 | 2 Google, Mozilla | 2 Android, Firefox | 2023-01-03 | N/A | 6.5 MEDIUM |
| During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. | |||||
| CVE-2022-40962 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 8.8 HIGH |
| Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
| CVE-2022-42927 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 8.1 HIGH |
| A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via <code>performance.getEntries()</code>. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106. | |||||
| CVE-2022-42928 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 8.8 HIGH |
| Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106. | |||||
| CVE-2022-42929 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 6.5 MEDIUM |
| If a website called <code>window.print()</code> in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106. | |||||
| CVE-2022-42931 | 1 Mozilla | 1 Firefox | 2023-01-03 | N/A | 3.3 LOW |
| Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. | |||||
| CVE-2022-29912 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 6.1 MEDIUM |
| Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-42932 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 8.8 HIGH |
| Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106. | |||||
| CVE-2022-36317 | 2 Google, Mozilla | 2 Android, Firefox | 2023-01-03 | N/A | 6.5 MEDIUM |
| When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. | |||||
| CVE-2022-46334 | 1 Proofpoint | 1 Enterprise Protection | 2023-01-03 | N/A | 7.8 HIGH |
| Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below. | |||||
| CVE-2022-36318 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 5.3 MEDIUM |
| When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. | |||||
| CVE-2022-46330 | 1 Squirrel.windows Project | 1 Squirrel.windows | 2023-01-03 | N/A | 7.8 HIGH |
| Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | |||||
| CVE-2022-36319 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 7.5 HIGH |
| When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. | |||||
| CVE-2022-29914 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-03 | N/A | 6.5 MEDIUM |
| When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-29913 | 1 Mozilla | 1 Thunderbird | 2023-01-03 | N/A | 6.5 MEDIUM |
| The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9. | |||||