Mozilla Firefox vulnerabilities

CVE-2022-29918 [HIGH] CWE-787 CVE-2022-29918: Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safet Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100.

CVE-2022-22737 [HIGH] CWE-362 CVE-2022-22737: Constructing audio sinks could have lead to a race condition when playing audio files and closing wi Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-34481 [HIGH] CWE-190 CVE-2022-34481: In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occu In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVE-2022-34482 [HIGH] CWE-434 CVE-2022-34482: An attacker who could have convinced a user to drag and drop an image to a filesystem could have man An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102.

CVE-2022-38478 [HIGH] CWE-787 CVE-2022-38478: Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102 Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13,

CVE-2022-31739 [HIGH] CWE-73 CVE-2022-31739: When downloading files on Windows, the % character was not escaped, which could have lead to a downl When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 1

CVE-2022-22764 [HIGH] CWE-787 CVE-2022-22764: Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in F Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, an

CVE-2022-34480 [HIGH] CWE-824 CVE-2022-34480: Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an un Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.

CVE-2022-36319 [HIGH] CWE-1021 CVE-2022-36319: When combining CSS properties for overflow and transform, the mouse cursor could interact with diffe When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

CVE-2022-34477 [HIGH] CWE-203 CVE-2022-34477: The MediaError message property should be consistent to avoid leaking information about cross-origin The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.

CVE-2022-31740 [HIGH] CWE-119 CVE-2022-31740: On arm64, WASM code could have resulted in incorrect assembly generation leading to a register alloc On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

CVE-2022-45409 [HIGH] CWE-416 CVE-2022-45409: The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finis The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-34484 [HIGH] CWE-416 CVE-2022-34484: The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of th The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11

CVE-2022-46871 [HIGH] CWE-1104 CVE-2022-46871: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. T An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

CVE-2022-22758 [HIGH] CWE-319 CVE-2022-22758: When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be incl When clicking on a tel: link, USSD codes, specified after a \* character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.*This bug only affects Firefox for Android. Other operating systems are unaff

CVE-2022-1529 [HIGH] CWE-1321 CVE-2022-1529: An attacker could have sent a message to the parent process where the contents were used to double-i An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and

CVE-2022-2505 [HIGH] CWE-787 CVE-2022-2505: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

CVE-2022-0843 [HIGH] CWE-787 CVE-2022-0843: Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs p Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.

CVE-2022-22763 [HIGH] CWE-362 CVE-2022-22763: When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-34468 [HIGH] CWE-829 CVE-2022-34468: An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascrip An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.