Mozilla Firefox vulnerabilities
3,148 known vulnerabilities affecting mozilla/firefox.

Total CVEs: 3,148
CISA KEV: 17 (actively exploited)
Public exploits: 122
Exploited in wild: 22

Severity breakdown: CRITICAL 862, HIGH 921, MEDIUM 1295, LOW 70

Vulnerabilities
Page 40 of 158
CVE-2022-28286 | MEDIUM | CVSS 5.4 | CWE-1021 | fixed in 99.0 | affected < 99 | 2022-12-22
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
Sources: NVD, Mozilla
CVE-2022-45403 | MEDIUM | CVSS 6.5 | CWE-203 | fixed in 107.0 | affected < 107 | 2022-12-22
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Sources: NVD, OSV, Mozilla
CVE-2022-40959 | MEDIUM | CVSS 6.5 | CWE-922 | fixed in 105.0 | affected < 105 | 2022-12-22
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Sources: NVD, Mozilla
CVE-2022-31744 | MEDIUM | CVSS 6.5 | CWE-79 | fixed in 101.0 | affected < 101 | 2022-12-22
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
Sources: NVD, Mozilla
CVE-2021-4221 | MEDIUM | CVSS 4.3 | CWE-1007 | fixed in 92.0 | affected < 92 | 2022-12-22
If a domain name contained an RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. Note: Due to a clerical error this advisory was not included in the original announcement, and was
Sources: NVD, Mozilla
CVE-2022-45413 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 107.0 | affected < 107 | 2022-12-22
Using the S.browser_fallback_url parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 107.
Sources: NVD, OSV, Mozilla
CVE-2022-22747 | MEDIUM | CVSS 6.5 | CWE-295 | fixed in 96.0 | affected < 96 | 2022-12-22
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Sources: NVD, Mozilla
CVE-2022-40960 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 105.0 | affected < 105 | 2022-12-22
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Sources: NVD, Mozilla
CVE-2022-28282 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 99.0 | affected < 99 | 2022-12-22
By using a link with rel="localization", a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
Sources: NVD, Mozilla
CVE-2022-38474 | MEDIUM | CVSS 4.3 | CWE-668 | fixed in 104.0 | affected < 104 | 2022-12-22
A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt; it only affects the notification shown once permission has been granted. This bug only affects Firefox for Android. Other operating systems are unaffected. This
Sources: NVD, Mozilla
CVE-2022-45404 | MEDIUM | CVSS 6.5 | CWE-451 | fixed in 107.0 | affected < 107 | 2022-12-22
Through a series of popup and window.print() calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Sources: NVD, Mozilla
CVE-2022-31746 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 102.0 | 2022-12-22
Internal URLs are protected by a secret UUID key, which could have been leaked to a web page through the Referrer header. This vulnerability affects Firefox for iOS < 102.
Sources: NVD, Mozilla
CVE-2022-45419 | MEDIUM | CVSS 6.5 | CWE-295 | fixed in 107.0 | affected < 107 | 2022-12-22
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107.
Sources: NVD, Mozilla
CVE-2022-31738 | MEDIUM | CVSS 6.5 | CWE-290 | fixed in 101 | affected < 101 | 2022-12-22
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Sources: NVD, Mozilla
CVE-2022-22745 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 96.0 | affected < 96 | 2022-12-22
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Sources: NVD, Mozilla
CVE-2022-46875 | MEDIUM | CVSS 6.5 | CWE-287 | fixed in 108.0 | affected < 108 | 2022-12-22
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
Sources: NVD, Mozilla
CVE-2022-29912 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 100.0 | affected < 100 | 2022-12-22
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Sources: NVD, Mozilla
CVE-2022-28287 | MEDIUM | CVSS 6.5 | CWE-664 | fixed in 99.0 | affected < 99 | 2022-12-22
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99.
Sources: NVD, OSV, Mozilla
CVE-2022-45411 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 107.0 | affected < 107 | 2022-12-22
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-sta
Sources: NVD, Mozilla
CVE-2022-22743 | MEDIUM | CVSS 4.3 | fixed in 96.0 | affected < 96 | 2022-12-22
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Sources: NVD, Mozilla