Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38475 | Med | 0.42 | 6.5 | 0.00 | Dec 22, 2022 | An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104. | ||
| CVE-2022-38472 | Med | 0.42 | 6.5 | 0.00 | Dec 22, 2022 | An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects… | ||
| CVE-2022-36317 | Med | 0.42 | 6.5 | 0.00 | Dec 22, 2022 | When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects… | ||
| CVE-2022-34479 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This… | ||
| CVE-2022-34478 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none… | ||
| CVE-2022-34471 | Med | 0.42 | 6.5 | 0.00 | Dec 22, 2022 | When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior… | ||
| CVE-2022-31744 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. | ||
| CVE-2022-31743 | Med | 0.42 | 6.5 | 0.00 | Dec 22, 2022 | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101. | ||
| CVE-2022-31742 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This… | ||
| CVE-2022-31738 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||
| CVE-2022-29916 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||
| CVE-2022-29914 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||
| CVE-2022-28287 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | ||
| CVE-2022-28285 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and… | ||
| CVE-2022-28283 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99. | ||
| CVE-2022-28282 | Med | 0.42 | 6.5 | 0.02 | Dec 22, 2022 | By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects… | ||
| CVE-2022-26386 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the… | ||
| CVE-2022-26385 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98. | ||
| CVE-2022-22760 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2022 | When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97,… | ||
| CVE-2022-22757 | Med | 0.42 | 6.5 | 0.00 | Dec 22, 2022 | Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. *This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*.… |
- risk 0.42cvss 6.5epss 0.00
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.
- risk 0.42cvss 6.5epss 0.00
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects…
- risk 0.42cvss 6.5epss 0.00
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects…
- risk 0.42cvss 6.5epss 0.01
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This…
- risk 0.42cvss 6.5epss 0.01
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none…
- risk 0.42cvss 6.5epss 0.00
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior…
- risk 0.42cvss 6.5epss 0.01
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
- risk 0.42cvss 6.5epss 0.00
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101.
- risk 0.42cvss 6.5epss 0.01
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This…
- risk 0.42cvss 6.5epss 0.01
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
- risk 0.42cvss 6.5epss 0.01
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
- risk 0.42cvss 6.5epss 0.01
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
- risk 0.42cvss 6.5epss 0.01
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99.
- risk 0.42cvss 6.5epss 0.01
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and…
- risk 0.42cvss 6.5epss 0.01
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.
- risk 0.42cvss 6.5epss 0.02
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects…
- risk 0.42cvss 6.5epss 0.01
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the…
- risk 0.42cvss 6.5epss 0.01
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.
- risk 0.42cvss 6.5epss 0.01
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97,…
- risk 0.42cvss 6.5epss 0.00
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. *This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*.…
Page 67 of 159