| 0 |
| url |
VCID-7juy-9d9m-q3ak |
| vulnerability_id |
VCID-7juy-9d9m-q3ak |
| summary |
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-31747
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7juy-9d9m-q3ak |
|
| 2 |
| url |
VCID-bvhn-6mnr-vyas |
| vulnerability_id |
VCID-bvhn-6mnr-vyas |
| summary |
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-31742
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bvhn-6mnr-vyas |
|
| 4 |
| url |
VCID-dgm8-wwst-kbe2 |
| vulnerability_id |
VCID-dgm8-wwst-kbe2 |
| summary |
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-31744
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dgm8-wwst-kbe2 |
|
| 5 |
| url |
VCID-dnd5-9xgp-u7h9 |
| vulnerability_id |
VCID-dnd5-9xgp-u7h9 |
| summary |
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-31743
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dnd5-9xgp-u7h9 |
|
| 6 |
| url |
VCID-f9nt-79kq-6kbf |
| vulnerability_id |
VCID-f9nt-79kq-6kbf |
| summary |
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-31738
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f9nt-79kq-6kbf |
|
| 8 |
| url |
VCID-j4qf-hfjp-5yct |
| vulnerability_id |
VCID-j4qf-hfjp-5yct |
| summary |
Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-31748
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j4qf-hfjp-5yct |
|