Mozilla Firefox Esr vulnerabilities

CVE-2022-22748 [MEDIUM] CWE-79 CVE-2022-22748: Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-22739 [MEDIUM] CVE-2022-22739: Malicious websites could have tricked users into accepting launching a program to handle an external Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-29911 [MEDIUM] CWE-1021 CVE-2022-29911: An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-acti An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

CVE-2022-40959 [MEDIUM] CWE-922 CVE-2022-40959: During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading t During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

CVE-2022-22754 [MEDIUM] CWE-863 CVE-2022-22754: If a user installed an extension of a particular type, the extension could have auto-updated itself If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-1097 [MEDIUM] CWE-416 CVE-2022-1097: <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

CVE-2022-22747 [MEDIUM] CWE-295 CVE-2022-22747: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificat After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-34479 [MEDIUM] CWE-451 CVE-2022-34479: A malicious website that could create a popup could have resized the popup to overlay the address ba A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102

CVE-2022-31742 [MEDIUM] CWE-203 CVE-2022-31742: An attacker could have exploited a timing attack by sending a large number of allowCredential entrie An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR

CVE-2022-1196 [MEDIUM] CWE-416 CVE-2022-1196: After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.

CVE-2022-45411 [MEDIUM] CWE-79 CVE-2022-45411: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an X Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-sta

CVE-2022-42929 [MEDIUM] CWE-400 CVE-2022-42929: If a website called `window.print()` in a particular way, it could cause a denial of service of the If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.

CVE-2022-45418 [MEDIUM] CWE-1021 CVE-2022-45418: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-45420 [MEDIUM] CWE-1021 CVE-2022-45420: Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-28282 [MEDIUM] CWE-416 CVE-2022-28282: By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by d By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

CVE-2022-45403 [MEDIUM] CWE-203 CVE-2022-45403: Service Workers should not be able to infer information about opaque cross-origin responses; but tim Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-45405 [MEDIUM] CWE-416 CVE-2022-45405: Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led t Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-40957 [MEDIUM] CWE-240 CVE-2022-40957: Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

CVE-2022-3266 [MEDIUM] CWE-125 CVE-2022-3266: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

CVE-2022-26386 [MEDIUM] CWE-377 CVE-2022-26386: Previously Firefox for macOS and Linux would download temporary files to a user-specific directory i Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. *This bug only affects Firefox for macOS and Linux. Other operating