Skip to main content
CVE-2022-29918 HIGH This Week

Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-29909 HIGH This Week

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-28289 HIGH This Week

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-28288 HIGH This Week

Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-28284 HIGH This Week

SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could have executed script in certain circumstances. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-22764 HIGH This Week

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-22763 HIGH This Week

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22761 HIGH This Week

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-22758 HIGH This Week

When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Google Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-22755 HIGH This Week

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22752 HIGH This Week

Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-22751 HIGH This Week

Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22744 HIGH This Week

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-1802 HIGH This Week

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Prototype Pollution Firefox +2
NVD
CVSS 3.1
8.8
EPSS
26.7%
CVE-2022-1529 HIGH This Week

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Prototype Pollution Firefox +2
NVD
CVSS 3.1
8.8
EPSS
17.1%
CVE-2022-0843 HIGH This Week

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-0566 HIGH This Week

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Mozilla Buffer Overflow Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0511 HIGH This Week

Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-46872 HIGH This Week

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-45414 HIGH This Week

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-42927 HIGH This Week

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-3033 HIGH This Week

If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-34469 HIGH This Week

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-45415 HIGH This Week

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3155 HIGH This Week

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Mozilla Thunderbird
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0517 HIGH This Week

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Mozilla File Upload OpenSSL Vpn
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-47896 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ssti Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23540 HIGH PATCH This Week

In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Jsonwebtoken
NVD GitHub
CVSS 3.1
7.6
EPSS
0.5%
CVE-2022-22184 HIGH This Week

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45407 HIGH This Week

If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-38476 HIGH This Week

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Use After Free Mozilla Memory Corruption Firefox Esr +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36319 HIGH This Week

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34477 HIGH This Week

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22741 HIGH This Week

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22461 HIGH PATCH This Week

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-47895 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-42930 HIGH This Week

If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
7.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy