Skip to main content
CVE-2022-3034 MEDIUM This Month

When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-38474 MEDIUM This Month

A website that had permission to access the microphone could record audio without the audio notification being shown. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-36315 MEDIUM This Month

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-34472 MEDIUM This Month

If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-31745 MEDIUM This Month

If array shift operations are not used, the Garbage Collector may have become confused about valid objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-26383 MEDIUM This Month

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-22762 MEDIUM This Month

Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-22743 MEDIUM This Month

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-1520 MEDIUM This Month

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy