Mozilla

Firefox

2920 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7

CVE-2022-22736

Exploit
  • EPSS 0.04%
  • Veröffentlicht 22.12.2022 20:15:14
  • Zuletzt bearbeitet 16.04.2025 16:15:21

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affec...

7.5

CVE-2022-22737

Exploit
  • EPSS 0.11%
  • Veröffentlicht 22.12.2022 20:15:14
  • Zuletzt bearbeitet 16.04.2025 15:15:47

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, ...

8.8

CVE-2022-22738

Exploit
  • EPSS 0.15%
  • Veröffentlicht 22.12.2022 20:15:14
  • Zuletzt bearbeitet 16.04.2025 15:15:47

Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

6.5

CVE-2022-22739

Exploit
  • EPSS 0.1%
  • Veröffentlicht 22.12.2022 20:15:14
  • Zuletzt bearbeitet 16.04.2025 16:15:21

Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

8.8

CVE-2022-22740

Exploit
  • EPSS 0.15%
  • Veröffentlicht 22.12.2022 20:15:14
  • Zuletzt bearbeitet 16.04.2025 16:15:21

Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbi...

7.5

CVE-2022-22741

  • EPSS 0.12%
  • Veröffentlicht 22.12.2022 20:15:14
  • Zuletzt bearbeitet 16.04.2025 16:15:21

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

6.5

CVE-2022-22742

  • EPSS 0.1%
  • Veröffentlicht 22.12.2022 20:15:14
  • Zuletzt bearbeitet 16.04.2025 16:15:22

When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

8.8

CVE-2022-1529

  • EPSS 3.71%
  • Veröffentlicht 22.12.2022 20:15:13
  • Zuletzt bearbeitet 16.04.2025 16:15:20

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process...

8.8

CVE-2022-1802

  • EPSS 63.84%
  • Veröffentlicht 22.12.2022 20:15:13
  • Zuletzt bearbeitet 16.04.2025 16:15:20

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9....

9.8

CVE-2022-1887

  • EPSS 0.39%
  • Veröffentlicht 22.12.2022 20:15:13
  • Zuletzt bearbeitet 16.04.2025 16:15:21

The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.