Mozilla
Products by Mozilla Sorted by Most Security Vulnerabilities since 2018
Recent Mozilla Security Advisories
Advisory | Title | Published |
---|---|---|
mfsa2023-09 | Security Vulnerabilities fixed in Firefox 111 mfsa2023-09 | March 14, 2023 |
mfsa2023-10 | Security Vulnerabilities fixed in Firefox ESR 102.9 mfsa2023-10 | March 14, 2023 |
mfsa2023-11 | Security Vulnerabilities fixed in Thunderbird 102.9 mfsa2023-11 | March 14, 2023 |
mfsa2023-08 | Security Vulnerabilities fixed in Firefox for Android 110.1.0 mfsa2023-08 | February 28, 2023 |
mfsa2023-07 | Security Vulnerabilities fixed in Thunderbird 102.8 mfsa2023-07 | February 15, 2023 |
mfsa2023-05 | Security Vulnerabilities fixed in Firefox 110 mfsa2023-05 | February 14, 2023 |
mfsa2023-06 | Security Vulnerabilities fixed in Firefox ESR 102.8 mfsa2023-06 | February 14, 2023 |
mfsa2023-04 | Security Vulnerabilities fixed in Thunderbird 102.7.1 mfsa2023-04 | January 23, 2023 |
mfsa2023-03 | Security Vulnerabilities fixed in Thunderbird 102.7 mfsa2023-03 | January 18, 2023 |
mfsa2023-02 | Security Vulnerabilities fixed in Firefox ESR 102.7 mfsa2023-02 | January 17, 2023 |
Known Exploited Mozilla Vulnerabilities
The following Mozilla vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Mozilla Firefox Security Feature Bypass Vulnerability | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 | May 25, 2022 |
Mozilla Firefox and Thunderbird Type Confusion Vulnerability | Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. CVE-2019-11707 | May 23, 2022 |
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability | Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. CVE-2019-11708 | May 23, 2022 |
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability | Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site. CVE-2013-1690 | March 28, 2022 |
Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 | March 7, 2022 |
Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 | March 7, 2022 |
Mozilla Firefox Information Disclosure Vulnerability | Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 | March 3, 2022 |
Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability | A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6819 | November 3, 2021 |
Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability | A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6820 | November 3, 2021 |
Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1 CVE-2019-17026 | November 3, 2021 |
@mozilla Tweets

Tue Mar 21 11:20:01 +0000 2023

Mon Mar 20 15:45:28 +0000 2023

Mon Mar 20 15:41:28 +0000 2023

Mon Mar 20 13:51:01 +0000 2023

Mon Mar 20 13:05:01 +0000 2023
By the Year
In 2023 there have been 6 vulnerabilities in Mozilla with an average score of 6.9 out of ten. Last year Mozilla had 186 security vulnerabilities published. Right now, Mozilla is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.52
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 6 | 6.92 |
2022 | 186 | 7.44 |
2021 | 158 | 7.11 |
2020 | 180 | 7.26 |
2019 | 144 | 7.67 |
2018 | 128 | 7.64 |
It may take a day or so for new Mozilla vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Security Vulnerabilities
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification
CVE-2020-12413
5.9 - Medium
- February 16, 2023
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.
Side Channel Attack
Scanning a QR code that contained a javascript: URL
CVE-2019-17003
6.1 - Medium
- February 16, 2023
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.
XSS
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS)
CVE-2020-6817
7.5 - High
- February 16, 2023
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
ReDoS
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages
CVE-2021-43529
9.8 - Critical
- February 16, 2023
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures.
Memory Corruption
There was an open redirection vulnerability pollbot
CVE-2022-0637
6.1 - Medium
- February 16, 2023
There was an open redirection vulnerability pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ An attacker could have redirected anyone to malicious sites.
Open Redirect
A mutation XSS affects users calling bleach.clean with all of: svg or math in the
CVE-2021-23980
6.1 - Medium
- February 16, 2023
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
XSS
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash
CVE-2022-40957
6.5 - Medium
- December 22, 2022
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
An attacker could have exploited a timing attack by sending a large number of
CVE-2022-31742
6.5 - Medium
- December 22, 2022
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead
CVE-2022-40956
6.1 - Medium
- December 22, 2022
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
XSS
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies
CVE-2022-40958
6.5 - Medium
- December 22, 2022
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Injection
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe
CVE-2022-40960
6.5 - Medium
- December 22, 2022
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Dangling pointer
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass
CVE-2022-40959
6.5 - Medium
- December 22, 2022
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Insecure Storage of Sensitive Information
When receiving an HTML email
CVE-2022-3034
4.3 - Medium
- December 22, 2022
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Clickjacking
When receiving an HTML email
CVE-2022-3032
6.5 - Medium
- December 22, 2022
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
AuthZ
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to
CVE-2022-3033
8.1 - High
- December 22, 2022
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Code Injection
When receiving an HTML email
CVE-2022-3034
4.3 - Medium
- December 22, 2022
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Clickjacking
When receiving an HTML email
CVE-2022-3032
6.5 - Medium
- December 22, 2022
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
AuthZ
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to
CVE-2022-3033
8.1 - High
- December 22, 2022
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Code Injection
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12
CVE-2022-38478
8.8 - High
- December 22, 2022
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Memory Corruption
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1
CVE-2022-38477
8.8 - High
- December 22, 2022
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.
Memory Corruption
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability
CVE-2022-38476
7.5 - High
- December 22, 2022
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.
Dangling pointer
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)
CVE-2022-38473
8.8 - High
- December 22, 2022
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Improper Preservation of Permissions
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin
CVE-2022-38472
6.5 - Medium
- December 22, 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Origin Validation Error
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12
CVE-2022-38478
8.8 - High
- December 22, 2022
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Memory Corruption
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)
CVE-2022-38473
8.8 - High
- December 22, 2022
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Improper Preservation of Permissions
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin
CVE-2022-38472
6.5 - Medium
- December 22, 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Origin Validation Error
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12
CVE-2022-38478
8.8 - High
- December 22, 2022
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Memory Corruption
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1
CVE-2022-38477
8.8 - High
- December 22, 2022
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.
Memory Corruption
An attacker could have written a value to the first element in a zero-length JavaScript array
CVE-2022-38475
6.5 - Medium
- December 22, 2022
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.
AuthZ
A website that had permission to access the microphone could record audio without the audio notification being shown
CVE-2022-38474
4.3 - Medium
- December 22, 2022
A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104.
Exposure of Resource to Wrong Sphere
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)
CVE-2022-38473
8.8 - High
- December 22, 2022
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Improper Preservation of Permissions
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin
CVE-2022-38472
6.5 - Medium
- December 22, 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Origin Validation Error
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12
CVE-2022-38478
8.8 - High
- December 22, 2022
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Memory Corruption
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1
CVE-2022-38477
8.8 - High
- December 22, 2022
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.
Memory Corruption
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability
CVE-2022-38476
7.5 - High
- December 22, 2022
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.
Dangling pointer
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)
CVE-2022-38473
8.8 - High
- December 22, 2022
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Improper Preservation of Permissions
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin
CVE-2022-38472
6.5 - Medium
- December 22, 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Origin Validation Error
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12
CVE-2022-38478
8.8 - High
- December 22, 2022
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Memory Corruption
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)
CVE-2022-38473
8.8 - High
- December 22, 2022
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Improper Preservation of Permissions
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin
CVE-2022-38472
6.5 - Medium
- December 22, 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Origin Validation Error
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-36318
5.3 - Medium
- December 22, 2022
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Race Condition
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed
CVE-2022-36319
7.5 - High
- December 22, 2022
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-2505
8.8 - High
- December 22, 2022
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
Memory Corruption
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path
CVE-2022-36314
5.5 - Medium
- December 22, 2022
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
DLL preloading
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-36318
5.3 - Medium
- December 22, 2022
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Race Condition
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed
CVE-2022-36319
7.5 - High
- December 22, 2022
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-2505
8.8 - High
- December 22, 2022
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
Memory Corruption
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-36320
9.8 - Critical
- December 22, 2022
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103.
Memory Corruption
When using the Performance API
CVE-2022-36316
6.1 - Medium
- December 22, 2022
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.
Open Redirect
When loading a script with Subresource Integrity
CVE-2022-36315
4.3 - Medium
- December 22, 2022
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path
CVE-2022-36314
5.5 - Medium
- December 22, 2022
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
DLL preloading
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-36318
5.3 - Medium
- December 22, 2022
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Race Condition
When visiting a website with an overly long URL, the user interface would start to hang
CVE-2022-36317
6.5 - Medium
- December 22, 2022
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103.
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed
CVE-2022-36319
7.5 - High
- December 22, 2022
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-36318
5.3 - Medium
- December 22, 2022
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Race Condition
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed
CVE-2022-36319
7.5 - High
- December 22, 2022
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-2505
8.8 - High
- December 22, 2022
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
Memory Corruption
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path
CVE-2022-36314
5.5 - Medium
- December 22, 2022
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
DLL preloading
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-36318
5.3 - Medium
- December 22, 2022
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Race Condition
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed
CVE-2022-36319
7.5 - High
- December 22, 2022
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension
CVE-2022-34482
8.8 - High
- December 22, 2022
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102.
On arm64
CVE-2022-31740
8.8 - High
- December 22, 2022
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Mozilla developers Andrew McCreight, Nicolas B
CVE-2022-31747
9.8 - Critical
- December 22, 2022
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
A malicious website could have learned the size of a cross-origin resource that supported Range requests
CVE-2022-31736
9.8 - Critical
- December 22, 2022
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash
CVE-2022-31737
9.8 - Critical
- December 22, 2022
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Memory Corruption
When exiting fullscreen mode
CVE-2022-31738
6.5 - Medium
- December 22, 2022
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Authentication Bypass by Spoofing
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths
CVE-2022-31739
8.8 - High
- December 22, 2022
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption
CVE-2022-31741
8.8 - High
- December 22, 2022
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Buffer Overflow
An attacker could have exploited a timing attack by sending a large number of
CVE-2022-31742
6.5 - Medium
- December 22, 2022
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers
CVE-2022-31743
6.5 - Medium
- December 22, 2022
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101.
XSS
An attacker could have injected CSS into stylesheets accessible
CVE-2022-31744
6.5 - Medium
- December 22, 2022
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
AuthZ
If array shift operations are not used, the Garbage Collector may have become confused about valid objects
CVE-2022-31745
4.3 - Medium
- December 22, 2022
If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.
out-of-bounds array index
Mozilla developers Andrew McCreight, Nicolas B
CVE-2022-31747
9.8 - Critical
- December 22, 2022
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Mozilla developers Gabriele Svelto
CVE-2022-31748
9.8 - Critical
- December 22, 2022
Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101.
The search term could have been specified externally to trigger SQL injection
CVE-2022-1887
9.8 - Critical
- December 22, 2022
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
SQL Injection
A malicious website
CVE-2022-34479
6.5 - Medium
- December 22, 2022
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Session history navigations may have led to a use-after-free and potentially exploitable crash
CVE-2022-34470
9.8 - Critical
- December 22, 2022
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Dangling pointer
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link
CVE-2022-34468
8.8 - High
- December 22, 2022
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function
CVE-2022-34481
8.8 - High
- December 22, 2022
In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Integer Overflow or Wraparound
An attacker could have injected CSS into stylesheets accessible
CVE-2022-31744
6.5 - Medium
- December 22, 2022
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
AuthZ
If there was a PAC URL set and the server
CVE-2022-34472
4.3 - Medium
- December 22, 2022
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
The <code>ms-msdt</code>
CVE-2022-34478
6.5 - Medium
- December 22, 2022
The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
If an object prototype was corrupted by an attacker, they
CVE-2022-2200
8.8 - High
- December 22, 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Prototype Pollution
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10
CVE-2022-34484
8.8 - High
- December 22, 2022
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
assertion failure
A malicious website
CVE-2022-34479
6.5 - Medium
- December 22, 2022
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Session history navigations may have led to a use-after-free and potentially exploitable crash
CVE-2022-34470
9.8 - Critical
- December 22, 2022
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Dangling pointer
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link
CVE-2022-34468
8.8 - High
- December 22, 2022
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function
CVE-2022-34481
8.8 - High
- December 22, 2022
In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Integer Overflow or Wraparound
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10
CVE-2022-34484
8.8 - High
- December 22, 2022
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
assertion failure
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101
CVE-2022-34485
9.8 - Critical
- December 22, 2022
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102.
Memory Corruption
A malicious website
CVE-2022-34479
6.5 - Medium
- December 22, 2022
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Session history navigations may have led to a use-after-free and potentially exploitable crash
CVE-2022-34470
9.8 - Critical
- December 22, 2022
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Dangling pointer
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link
CVE-2022-34468
8.8 - High
- December 22, 2022
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
An OpenPGP digital signature includes information about the date when the signature was created
CVE-2022-2226
6.5 - Medium
- December 22, 2022
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
Authentication Bypass by Capture-replay
The <code>ms-msdt</code>
CVE-2022-34478
6.5 - Medium
- December 22, 2022
The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10
CVE-2022-34484
8.8 - High
- December 22, 2022
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
assertion failure
If an object prototype was corrupted by an attacker, they
CVE-2022-2200
8.8 - High
- December 22, 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Prototype Pollution
The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes
CVE-2022-34473
6.1 - Medium
- December 22, 2022
The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. This vulnerability affects Firefox < 102.
XSS
If there was a PAC URL set and the server
CVE-2022-34472
4.3 - Medium
- December 22, 2022
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
An attacker could have injected CSS into stylesheets accessible
CVE-2022-31744
6.5 - Medium
- December 22, 2022
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
AuthZ