Mozilla Firefox vulnerabilities

CVE-2022-22748 [MEDIUM] CWE-79 CVE-2022-22748: Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-22749 [MEDIUM] CWE-20 CVE-2022-22749: When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not p When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

CVE-2022-34473 [MEDIUM] CWE-79 CVE-2022-34473: The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code>&lt;use&gt;</c The HTML Sanitizer should have sanitized the href attribute of SVG tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102.

CVE-2022-45418 [MEDIUM] CWE-1021 CVE-2022-45418: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-28285 [MEDIUM] CWE-125 CVE-2022-28285: When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

CVE-2022-45416 [MEDIUM] CWE-203 CVE-2022-45416: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-45420 [MEDIUM] CWE-1021 CVE-2022-45420: Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-31742 [MEDIUM] CWE-203 CVE-2022-31742: An attacker could have exploited a timing attack by sending a large number of allowCredential entrie An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR

CVE-2022-22739 [MEDIUM] CVE-2022-22739: Malicious websites could have tricked users into accepting launching a program to handle an external Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-29910 [MEDIUM] CWE-601 CVE-2022-29910: When closed or sent to the background, Firefox for Android would not properly record and persist HST When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100.

CVE-2022-3266 [MEDIUM] CWE-125 CVE-2022-3266: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

CVE-2022-22742 [MEDIUM] CWE-125 CVE-2022-22742: When inserting text while in edit mode, some characters might have lead to out-of-bounds memory acce When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-26382 [MEDIUM] CWE-203 CVE-2022-26382: While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was re While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.

CVE-2022-26383 [MEDIUM] CWE-451 CVE-2022-26383: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-38472 [MEDIUM] CWE-346 CVE-2022-38472: An attacker could have abused XSLT error handling to associate attacker-controlled content with anot An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR <

CVE-2022-26385 [MEDIUM] CWE-416 CVE-2022-26385: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. Thi In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.

CVE-2022-36316 [MEDIUM] CWE-601 CVE-2022-36316: When using the Performance API, an attacker was able to notice subtle differences between Performanc When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

CVE-2022-40961 [MEDIUM] CWE-787 CVE-2022-40961: During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow caus During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105.

CVE-2022-28283 [MEDIUM] CWE-552 CVE-2022-28283: The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage t The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.

CVE-2022-40957 [MEDIUM] CWE-240 CVE-2022-40957: Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.