rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS
Vulnerabilities (112)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-22741 | — | | | < 91.5.0-152.12.1 | 91.5.0-152.12.1 | Dec 22, 2022 | When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| CVE-2022-22740 | — | | | < 91.5.0-152.12.1 | 91.5.0-152.12.1 | Dec 22, 2022 | Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| CVE-2022-22739 | — | | | < 91.5.0-152.12.1 | 91.5.0-152.12.1 | Dec 22, 2022 | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| CVE-2022-22738 | — | | | < 91.5.0-152.12.1 | 91.5.0-152.12.1 | Dec 22, 2022 | Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| CVE-2022-22737 | — | | | < 91.5.0-152.12.1 | 91.5.0-152.12.1 | Dec 22, 2022 | Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| CVE-2022-2200 | — | | | < 91.11.0-150200.152.48.1 | 91.11.0-150200.152.48.1 | Dec 22, 2022 | If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. |
| CVE-2022-1802 | — | | | < 91.9.1-150200.152.40.1 | 91.9.1-150200.152.40.1 | Dec 22, 2022 | If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox |
| CVE-2022-1529 | — | | | < 91.9.1-150200.152.40.1 | 91.9.1-150200.152.40.1 | Dec 22, 2022 | An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects F |
| CVE-2022-1196 | — | | | < 91.8.0-150200.152.26.1 | 91.8.0-150200.152.26.1 | Dec 22, 2022 | After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8. |
| CVE-2022-1097 | — | | | < 91.8.0-150200.152.26.1 | 91.8.0-150200.152.26.1 | Dec 22, 2022 | NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. |
| CVE-2021-4140 | — | | | < 91.5.0-152.12.1 | 91.5.0-152.12.1 | Dec 22, 2022 | It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| CVE-2022-24713 | — | | | < 91.8.0-150200.152.26.1 | 91.8.0-150200.152.26.1 | Mar 8, 2022 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane |