Mozilla Firefox vulnerabilities

CVE-2022-34472 [MEDIUM] CWE-703 CVE-2022-34472: If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVE-2021-4128 [MEDIUM] CWE-416 CVE-2021-4128: When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; res When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.

CVE-2022-22760 [MEDIUM] CWE-209 CVE-2022-22760: When importing resources using Web Workers, error messages would distinguish the difference between When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-46877 [MEDIUM] CWE-79 CVE-2022-46877: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulti By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.

CVE-2022-36317 [MEDIUM] CVE-2022-36317: When visiting a website with an overly long URL, the user interface would start to hang. Due to sess When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103.

CVE-2022-22754 [MEDIUM] CWE-863 CVE-2022-22754: If a user installed an extension of a particular type, the extension could have auto-updated itself If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-40958 [MEDIUM] CWE-74 CVE-2022-40958: By injecting a cookie with certain special characters, an attacker on a shared subdomain which is no By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

CVE-2022-34478 [MEDIUM] CWE-601 CVE-2022-34478: The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the us

CVE-2022-36314 [MEDIUM] CWE-427 CVE-2022-36314: When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path th When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

CVE-2022-45408 [MEDIUM] CWE-79 CVE-2022-45408: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen wi Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-42929 [MEDIUM] CWE-400 CVE-2022-42929: If a website called `window.print()` in a particular way, it could cause a denial of service of the If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.

CVE-2022-34474 [MEDIUM] CWE-601 CVE-2022-34474: Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it r Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.

CVE-2022-22750 [MEDIUM] CVE-2022-22750: By generally accepting and passing resource handles across processes, a compromised content process By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox

CVE-2022-34475 [MEDIUM] CWE-79 CVE-2022-34475: SVG <code>&lt;use&gt;</code> tags that referenced a same-origin document could have resulted in scri SVG tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102.

CVE-2022-36315 [MEDIUM] CWE-345 CVE-2022-36315: When loading a script with Subresource Integrity, attackers with an injection capability could trigg When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.

CVE-2022-46880 [MEDIUM] CWE-416 CVE-2022-46880: A missing check related to tex units could have led to a use-after-free and potentially exploitable A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird

CVE-2022-22762 [MEDIUM] CWE-451 CVE-2022-22762: Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another webs Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.

CVE-2022-42931 [LOW] CWE-312 CVE-2022-42931: Logins saved by Firefox should be managed by the Password Manager component which uses encryption to Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106.

CVE-2022-1919 [HIGH] CVE-2022-1919: Use after free in Codecs in Google Chrome prior to 101 Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-24791 [CRITICAL] CVE-2022-24791: Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference type