Mozilla

Firefox

2920 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-2200

  • EPSS 4.87%
  • Veröffentlicht 22.12.2022 20:15:27
  • Zuletzt bearbeitet 15.04.2025 15:15:57

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102,...

8.8

CVE-2022-2505

  • EPSS 0.21%
  • Veröffentlicht 22.12.2022 20:15:27
  • Zuletzt bearbeitet 15.04.2025 15:15:58

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...

9.8

CVE-2022-31736

  • EPSS 0.14%
  • Veröffentlicht 22.12.2022 20:15:27
  • Zuletzt bearbeitet 15.04.2025 15:15:58

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

6.1

CVE-2022-29912

Exploit
  • EPSS 0.3%
  • Veröffentlicht 22.12.2022 20:15:26
  • Zuletzt bearbeitet 15.04.2025 20:15:36

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

6.5

CVE-2022-29914

  • EPSS 0.07%
  • Veröffentlicht 22.12.2022 20:15:26
  • Zuletzt bearbeitet 15.04.2025 20:15:36

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

4.3

CVE-2022-29915

Exploit
  • EPSS 0.25%
  • Veröffentlicht 22.12.2022 20:15:26
  • Zuletzt bearbeitet 15.04.2025 16:15:18

The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.

6.5

CVE-2022-29916

Exploit
  • EPSS 0.1%
  • Veröffentlicht 22.12.2022 20:15:26
  • Zuletzt bearbeitet 15.04.2025 15:15:56

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefo...

9.8

CVE-2022-29917

Exploit
  • EPSS 0.16%
  • Veröffentlicht 22.12.2022 20:15:26
  • Zuletzt bearbeitet 15.04.2025 15:15:57

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with eno...

8.8

CVE-2022-28289

  • EPSS 0.2%
  • Veröffentlicht 22.12.2022 20:15:25
  • Zuletzt bearbeitet 16.04.2025 14:15:20

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume tha...

8.8

CVE-2022-29909

  • EPSS 0.04%
  • Veröffentlicht 22.12.2022 20:15:25
  • Zuletzt bearbeitet 16.04.2025 14:15:20

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91....