rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP4
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4
Vulnerabilities (206)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-29911 | — | < 91.9.0-150200.152.33.1 | 91.9.0-150200.152.33.1 | Dec 22, 2022 | An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||
| CVE-2022-29909 | — | < 91.9.0-150200.152.33.1 | 91.9.0-150200.152.33.1 | Dec 22, 2022 | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Fir | ||
| CVE-2022-2505 | — | < 102.3.0-150200.152.61.1 | 102.3.0-150200.152.61.1 | Dec 22, 2022 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability aff | ||
| CVE-2022-2200 | — | < 91.11.0-150200.152.48.1 | 91.11.0-150200.152.48.1 | Dec 22, 2022 | If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | ||
| CVE-2022-1802 | — | < 91.9.1-150200.152.40.1 | 91.9.1-150200.152.40.1 | Dec 22, 2022 | If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox | ||
| CVE-2022-1529 | — | < 91.9.1-150200.152.40.1 | 91.9.1-150200.152.40.1 | Dec 22, 2022 | An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects F |
- CVE-2022-29911Dec 22, 2022affected < 91.9.0-150200.152.33.1fixed 91.9.0-150200.152.33.1
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
- CVE-2022-29909Dec 22, 2022affected < 91.9.0-150200.152.33.1fixed 91.9.0-150200.152.33.1
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Fir
- CVE-2022-2505Dec 22, 2022affected < 102.3.0-150200.152.61.1fixed 102.3.0-150200.152.61.1
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability aff
- CVE-2022-2200Dec 22, 2022affected < 91.11.0-150200.152.48.1fixed 91.11.0-150200.152.48.1
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
- CVE-2022-1802Dec 22, 2022affected < 91.9.1-150200.152.40.1fixed 91.9.1-150200.152.40.1
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox
- CVE-2022-1529Dec 22, 2022affected < 91.9.1-150200.152.40.1fixed 91.9.1-150200.152.40.1
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects F
Page 11 of 11