An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.

**Mozilla Foundation Security Advisory 2022-33**

Announced

August 23, 2022

Impact

high

Products

Firefox

Fixed in

*   Firefox 104

**#CVE-2022-38472: Address bar spoofing via XSLT error handling**

Reporter

Armin Ebert

Impact

high

**Description**

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin.

**References**

*   Bug 1769155

**#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions**

Reporter

Armin Ebert

Impact

high

**Description**

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).

**References**

*   Bug 1771685

**#CVE-2022-38474: Recording notification not shown when microphone was recording on Android**

Reporter

Agi Sferro

Impact

low

**Description**

A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.  
_This bug only affects Firefox for Android. Other operating systems are unaffected._

**References**

*   Bug 1719511

**#CVE-2022-38475: Attacker could write a value to a zero-length array**

Reporter

Christian Holler

Impact

low

**Description**

An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address.

**References**

*   Bug 1773266

**#CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2

**#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13**

Reporter

Mozilla developers and community

Impact

high

**Description**

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

CVE-2022-38475: Security Vulnerabilities fixed in Firefox 104

When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

**Mozilla Foundation Security Advisory 2022-28**

Announced

July 26, 2022

Impact

moderate

Products

Firefox

Fixed in

*   Firefox 103

**#CVE-2022-36319: Mouse Position spoofing with CSS transforms**

Reporter

Irvan Kurniawan

Impact

moderate

**Description**

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.

**References**

*   Bug 1737722

**#CVE-2022-36317: Long URL would hang Firefox for Android**

Reporter

Irwan

Impact

moderate

**Description**

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.  
_This bug only affects Firefox for Android. Other operating systems are unaffected._

**References**

*   Bug 1759951

**#CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters**

Reporter

Gijs Kruitbosch

Impact

moderate

**Description**

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected.

**References**

*   Bug 1771774

**#CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads**

Reporter

akucybersec

Impact

moderate

**Description**

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.  
This bug only affects Firefox for Windows. Other operating systems are unaffected.\*

**References**

*   Bug 1773894

**#CVE-2022-36315: Preload Cache Bypasses Subresource Integrity**

Reporter

Hiroshige Hayashizaki

Impact

low

**Description**

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.

**References**

*   Bug 1762520

**#CVE-2022-36316: Performance API leaked whether a cross-site resource is redirecting**

Reporter

Jannis Rautenstrauch

Impact

low

**Description**

When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect.

**References**

*   Bug 1768583

**#CVE-2022-36320: Memory safety bugs fixed in Firefox 103**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 103

**#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 103 and 102.1

CVE-2022-36316: Security Vulnerabilities fixed in Firefox 103

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103.

Sorry, I can't find "_1759951?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-36317: Invalid Bug ID

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

**Mozilla Foundation Security Advisory 2022-30**

Announced

July 26, 2022

Impact

moderate

Products

Firefox ESR

Fixed in

*   Firefox ESR 102.1

**#CVE-2022-36319: Mouse Position spoofing with CSS transforms**

Reporter

Irvan Kurniawan

Impact

moderate

**Description**

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.

**References**

*   Bug 1737722

**#CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters**

Reporter

Gijs Kruitbosch

Impact

moderate

**Description**

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected.

**References**

*   Bug 1771774

**#CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads**

Reporter

akucybersec

Impact

moderate

**Description**

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.  
This bug only affects Firefox for Windows. Other operating systems are unaffected.\*

**References**

*   Bug 1773894

**#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 103 and 102.1

CVE-2022-36314: Security Vulnerabilities fixed in Firefox ESR 102.1

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103.

Tue Jan 3 2023 13:33:02 PST  

*   **Bug ID:** 1759794, 1760998?cve=title

**Zarro Boogs found.**

We couldn't find any bugs matching your search terms. You could try searching with fewer or different terms.

*   File a new bug
*   Edit this search
*   Start a new search

  

REST | CSV | Feed | iCalendar

Edit Search

 

as

CVE-2022-36320: Bug List

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

**Mozilla Foundation Security Advisory 2022-42**

Announced

September 20, 2022

Impact

high

Products

Thunderbird

Fixed in

*   Thunderbird 102.3

_In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts._

**#CVE-2022-3266: Out of bounds read when decoding H264**

Reporter

Willy R. Vasquez at UT Austin

Impact

high

**Description**

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash.

**References**

*   Bug 1767360

**#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages**

Reporter

Armin Ebert

Impact

high

**Description**

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments.

**References**

*   Bug 1782211

**#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads**

Reporter

Armin Ebert

Impact

high

**Description**

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash.

**References**

*   Bug 1787633

**#CVE-2022-40958: Bypassing Secure Context restriction for cookies with \_\_Host and \_\_Secure prefix**

Reporter

Axel Chong (@Haxatron)

Impact

moderate

**Description**

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks.

**References**

*   Bug 1779993

**#CVE-2022-40956: Content-Security-Policy base-uri bypass**

Reporter

Satoki Tsuji

Impact

low

**Description**

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead.

**References**

*   Bug 1770094

**#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64**

Reporter

Gary Kwong

Impact

low

**Description**

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.  
_This bug only affects Thunderbird on ARM64 platforms._

**References**

*   Bug 1777604

**#CVE-2022-3155: Attachment files saved to disk on macOS could be executed without warning**

Reporter

Koh M. Nakagawa

Impact

low

**Description**

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm.

**References**

*   Bug 1789061

**#CVE-2022-40962: Memory safety bugs fixed in Thunderbird 102.3**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Thunderbird 102.3

CVE-2022-3266: Security Vulnerabilities fixed in Thunderbird 102.3

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.

Tue Jan 3 2023 19:12:04 PST  

*   **Bug ID:** 1789729, 1791363, 1792041?cve=title

**Zarro Boogs found.**

We couldn't find any bugs matching your search terms. You could try searching with fewer or different terms.

*   File a new bug
*   Edit this search
*   Start a new search

  

REST | CSV | Feed | iCalendar

Edit Search

 

as

CVE-2022-42932: Bug List

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

Sorry, I can't find "_1760998?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-38476: Invalid Bug ID

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

**Mozilla Foundation Security Advisory 2022-31**

Announced

July 28, 2022

Impact

moderate

Products

Thunderbird

Fixed in

*   Thunderbird 91.12

_In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts._

**#CVE-2022-36319: Mouse Position spoofing with CSS transforms**

Reporter

Irvan Kurniawan

Impact

moderate

**Description**

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.

**References**

*   Bug 1737722

**#CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters**

Reporter

Gijs Kruitbosch

Impact

moderate

**Description**

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected.

**References**

*   Bug 1771774

CVE-2022-36318: Security Vulnerabilities fixed in Thunderbird 91.12

The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.

Sorry, I can't find "_1767205?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

Tag

#firefox