A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

Sorry, I can't find "_1760998?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-38476: Invalid Bug ID

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.

Tue Jan 3 2023 13:01:58 PST  

*   **Bug ID:** 1760611, 1770219, 1771159, 1773363?cve=title

**Zarro Boogs found.**

We couldn't find any bugs matching your search terms. You could try searching with fewer or different terms.

*   File a new bug
*   Edit this search
*   Start a new search

  

REST | CSV | Feed | iCalendar

Edit Search

 

as

CVE-2022-38477: Bug List

An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.

**Mozilla Foundation Security Advisory 2021-11**

Announced

March 23, 2021

Impact

high

Products

Firefox ESR

Fixed in

*   Firefox ESR 78.9

**Note**: This advisory was updated June 8, 2021 to include CVE-2021-29955 which was also fixed in this release.

**#CVE-2021-29955: Transient Execution Vulnerability allowed leaking arbitrary memory address**

Reporter

Hany Ragab, Enrico Barberis, Herbert Bos, and Cristiano Giuffrida from the VUSec group at VU Amsterdam

Impact

high

**Description**

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.)

**References**

*   Bug 1692972

**#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read**

Reporter

Abraruddin Khan and Omair

Impact

high

**Description**

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.

**References**

*   Bug 1692832

**#CVE-2021-4127: Angle graphics library out of date**

Reporter

Mozilla Developers, Abraruddin Khan and Omair

Impact

high

**Description**

An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited.

**References**

*   Bug 1691547

**#CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage**

Reporter

Samy Kamkar, Ben Seri, and Gregory Vishnepolsky

Impact

moderate

**Description**

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections.

**References**

*   Bug 1677046

**#CVE-2021-23984: Malicious extensions could have spoofed popup information**

Reporter

Rob Wu

Impact

moderate

**Description**

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.

**References**

*   Bug 1693664

**#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and community members Alexis Beingessner, Tyson Smith, Julien Wajsberg, and Matthew Gregan reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

CVE-2021-4127: Security Vulnerabilities fixed in Firefox ESR 78.9

An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.

**Mozilla Foundation Security Advisory 2022-33**

Announced

August 23, 2022

Impact

high

Products

Firefox

Fixed in

*   Firefox 104

**#CVE-2022-38472: Address bar spoofing via XSLT error handling**

Reporter

Armin Ebert

Impact

high

**Description**

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin.

**References**

*   Bug 1769155

**#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions**

Reporter

Armin Ebert

Impact

high

**Description**

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).

**References**

*   Bug 1771685

**#CVE-2022-38474: Recording notification not shown when microphone was recording on Android**

Reporter

Agi Sferro

Impact

low

**Description**

A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.  
_This bug only affects Firefox for Android. Other operating systems are unaffected._

**References**

*   Bug 1719511

**#CVE-2022-38475: Attacker could write a value to a zero-length array**

Reporter

Christian Holler

Impact

low

**Description**

An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address.

**References**

*   Bug 1773266

**#CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2

**#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13**

Reporter

Mozilla developers and community

Impact

high

**Description**

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

CVE-2022-38475: Security Vulnerabilities fixed in Firefox 104

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

**Mozilla Foundation Security Advisory 2022-42**

Announced

September 20, 2022

Impact

high

Products

Thunderbird

Fixed in

*   Thunderbird 102.3

_In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts._

**#CVE-2022-3266: Out of bounds read when decoding H264**

Reporter

Willy R. Vasquez at UT Austin

Impact

high

**Description**

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash.

**References**

*   Bug 1767360

**#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages**

Reporter

Armin Ebert

Impact

high

**Description**

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments.

**References**

*   Bug 1782211

**#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads**

Reporter

Armin Ebert

Impact

high

**Description**

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash.

**References**

*   Bug 1787633

**#CVE-2022-40958: Bypassing Secure Context restriction for cookies with \_\_Host and \_\_Secure prefix**

Reporter

Axel Chong (@Haxatron)

Impact

moderate

**Description**

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks.

**References**

*   Bug 1779993

**#CVE-2022-40956: Content-Security-Policy base-uri bypass**

Reporter

Satoki Tsuji

Impact

low

**Description**

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead.

**References**

*   Bug 1770094

**#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64**

Reporter

Gary Kwong

Impact

low

**Description**

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.  
_This bug only affects Thunderbird on ARM64 platforms._

**References**

*   Bug 1777604

**#CVE-2022-3155: Attachment files saved to disk on macOS could be executed without warning**

Reporter

Koh M. Nakagawa

Impact

low

**Description**

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm.

**References**

*   Bug 1789061

**#CVE-2022-40962: Memory safety bugs fixed in Thunderbird 102.3**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Thunderbird 102.3

CVE-2022-3266: Security Vulnerabilities fixed in Thunderbird 102.3

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103.

Sorry, I can't find "_1759951?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-36317: Invalid Bug ID

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

**Mozilla Foundation Security Advisory 2022-30**

Announced

July 26, 2022

Impact

moderate

Products

Firefox ESR

Fixed in

*   Firefox ESR 102.1

**#CVE-2022-36319: Mouse Position spoofing with CSS transforms**

Reporter

Irvan Kurniawan

Impact

moderate

**Description**

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.

**References**

*   Bug 1737722

**#CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters**

Reporter

Gijs Kruitbosch

Impact

moderate

**Description**

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected.

**References**

*   Bug 1771774

**#CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads**

Reporter

akucybersec

Impact

moderate

**Description**

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.  
This bug only affects Firefox for Windows. Other operating systems are unaffected.\*

**References**

*   Bug 1773894

**#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 103 and 102.1

CVE-2022-36314: Security Vulnerabilities fixed in Firefox ESR 102.1

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103.

Tue Jan 3 2023 13:33:02 PST  

*   **Bug ID:** 1759794, 1760998?cve=title

**Zarro Boogs found.**

We couldn't find any bugs matching your search terms. You could try searching with fewer or different terms.

*   File a new bug
*   Edit this search
*   Start a new search

  

REST | CSV | Feed | iCalendar

Edit Search

 

as

CVE-2022-36320: Bug List

When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

**Mozilla Foundation Security Advisory 2022-28**

Announced

July 26, 2022

Impact

moderate

Products

Firefox

Fixed in

*   Firefox 103

**#CVE-2022-36319: Mouse Position spoofing with CSS transforms**

Reporter

Irvan Kurniawan

Impact

moderate

**Description**

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.

**References**

*   Bug 1737722

**#CVE-2022-36317: Long URL would hang Firefox for Android**

Reporter

Irwan

Impact

moderate

**Description**

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.  
_This bug only affects Firefox for Android. Other operating systems are unaffected._

**References**

*   Bug 1759951

**#CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters**

Reporter

Gijs Kruitbosch

Impact

moderate

**Description**

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected.

**References**

*   Bug 1771774

**#CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads**

Reporter

akucybersec

Impact

moderate

**Description**

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.  
This bug only affects Firefox for Windows. Other operating systems are unaffected.\*

**References**

*   Bug 1773894

**#CVE-2022-36315: Preload Cache Bypasses Subresource Integrity**

Reporter

Hiroshige Hayashizaki

Impact

low

**Description**

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.

**References**

*   Bug 1762520

**#CVE-2022-36316: Performance API leaked whether a cross-site resource is redirecting**

Reporter

Jannis Rautenstrauch

Impact

low

**Description**

When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect.

**References**

*   Bug 1768583

**#CVE-2022-36320: Memory safety bugs fixed in Firefox 103**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 103

**#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 103 and 102.1

CVE-2022-36316: Security Vulnerabilities fixed in Firefox 103

The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.

**Mozilla Foundation Security Advisory 2022-16**

Announced

May 3, 2022

Impact

high

Products

Firefox

Fixed in

*   Firefox 100

**#CVE-2022-29914: Fullscreen notification bypass using popups**

Reporter

Irvan Kurniawan

Impact

high

**Description**

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.

**References**

*   Bug 1746448

**#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts**

Reporter

Armin Ebert

Impact

high

**Description**

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.

**References**

*   Bug 1755081

**#CVE-2022-29916: Leaking browser history with CSS variables**

Reporter

Mateusz Sionkowski

Impact

high

**Description**

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history.

**References**

*   Bug 1760674

**#CVE-2022-29911: iframe Sandbox bypass**

Reporter

Trung Pham

Impact

high

**Description**

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present.

**References**

*   Bug 1761981

**#CVE-2022-29912: Reader mode bypassed SameSite cookies**

Reporter

Matheus Vrech

Impact

moderate

**Description**

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.

**References**

*   Bug 1692655

**#CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security settings**

Reporter

Mark B

Impact

moderate

**Description**

When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.  
_Note: This issue only affected Firefox for Android. Other operating systems are unaffected._

**References**

*   Bug 1757138

**#CVE-2022-29915: Leaking cross-origin redirect through the Performance API**

Reporter

Sohom Datta

Impact

low

**Description**

The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects.

**References**

*   Bug 1751678

**#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9**

Reporter

Mozilla developers

Impact

high

**Description**

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

**#CVE-2022-29918: Memory safety bugs fixed in Firefox 100**

Reporter

Mozilla developers

Impact

high

**Description**

Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 100

Tag

#firefox