Mozilla Firefox Esr vulnerabilities

CVE-2022-31738 [MEDIUM] CWE-290 CVE-2022-31738: When exiting fullscreen mode, an iframe could have confused the browser about the current state of f When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

CVE-2022-36318 [MEDIUM] CWE-362 CVE-2022-36318: When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

CVE-2022-45416 [MEDIUM] CWE-203 CVE-2022-45416: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-40960 [MEDIUM] CWE-416 CVE-2022-40960: Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-a Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

CVE-2022-36314 [MEDIUM] CWE-427 CVE-2022-36314: When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path th When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

CVE-2022-46875 [MEDIUM] CWE-287 CVE-2022-46875: The executable file warning was not presented when downloading .atloc and .ftploc files, which can r The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. *Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.

CVE-2022-22742 [MEDIUM] CWE-125 CVE-2022-22742: When inserting text while in edit mode, some characters might have lead to out-of-bounds memory acce When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-26383 [MEDIUM] CWE-451 CVE-2022-26383: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-45408 [MEDIUM] CWE-79 CVE-2022-45408: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen wi Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-34472 [MEDIUM] CWE-703 CVE-2022-34472: If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVE-2022-29916 [MEDIUM] CWE-200 CVE-2022-29916: Firefox behaved slightly differently for already known resources when loading CSS resources involvin Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

CVE-2022-45404 [MEDIUM] CWE-451 CVE-2022-45404: Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to g Through a series of popup and window.print() calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-38472 [MEDIUM] CWE-346 CVE-2022-38472: An attacker could have abused XSLT error handling to associate attacker-controlled content with anot An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR <

CVE-2022-22760 [MEDIUM] CWE-209 CVE-2022-22760: When importing resources using Web Workers, error messages would distinguish the difference between When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-31744 [MEDIUM] CWE-79 CVE-2022-31744: An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource: An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

CVE-2022-34478 [MEDIUM] CWE-601 CVE-2022-34478: The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the us

CVE-2022-22743 [MEDIUM] CVE-2022-22743: When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-28286 [MEDIUM] CWE-1021 CVE-2022-28286: Due to a layout change, iframe contents could have been rendered outside of its border. This could h Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

CVE-2022-29914 [MEDIUM] CWE-1021 CVE-2022-29914: When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

CVE-2022-40958 [MEDIUM] CWE-74 CVE-2022-40958: By injecting a cookie with certain special characters, an attacker on a shared subdomain which is no By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.