VulnerableCode Package Details - pkg:alpm/archlinux/firefox@98.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-69v9-jknd-aaam	An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.	CVE-2022-26381
VCID-9e79-r9um-aaag	When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.	CVE-2022-26387
VCID-g8ev-urxw-aaac	In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.	CVE-2022-26385
VCID-nfu5-vgm8-aaaq	While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.	CVE-2022-26382
VCID-npyv-g3uj-aaaj	If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.	CVE-2022-26384
VCID-p5e2-s6r2-aaaf	Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.	CVE-2022-0843
VCID-wg4g-7st5-aaab	When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.	CVE-2022-26383

Vulnerability

Summary

Aliases

VCID-69v9-jknd-aaam

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-26381

VCID-9e79-r9um-aaag

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-26387

VCID-g8ev-urxw-aaac

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.

CVE-2022-26385

VCID-nfu5-vgm8-aaaq

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.

CVE-2022-26382

VCID-npyv-g3uj-aaaj

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-26384

VCID-p5e2-s6r2-aaaf

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.

CVE-2022-0843

VCID-wg4g-7st5-aaab

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-26383

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:16.340216+00:00	Arch Linux Importer	Fixing	VCID-p5e2-s6r2-aaaf	https://security.archlinux.org/AVG-2714	36.0.0
2025-03-28T07:45:16.313501+00:00	Arch Linux Importer	Fixing	VCID-69v9-jknd-aaam	https://security.archlinux.org/AVG-2714	36.0.0
2025-03-28T07:45:16.283772+00:00	Arch Linux Importer	Fixing	VCID-nfu5-vgm8-aaaq	https://security.archlinux.org/AVG-2714	36.0.0
2025-03-28T07:45:16.254023+00:00	Arch Linux Importer	Fixing	VCID-wg4g-7st5-aaab	https://security.archlinux.org/AVG-2714	36.0.0
2025-03-28T07:45:16.224018+00:00	Arch Linux Importer	Fixing	VCID-npyv-g3uj-aaaj	https://security.archlinux.org/AVG-2714	36.0.0
2025-03-28T07:45:16.205266+00:00	Arch Linux Importer	Fixing	VCID-g8ev-urxw-aaac	https://security.archlinux.org/AVG-2714	36.0.0
2025-03-28T07:45:16.186561+00:00	Arch Linux Importer	Fixing	VCID-9e79-r9um-aaag	https://security.archlinux.org/AVG-2714	36.0.0
2024-09-18T02:00:12.333748+00:00	Arch Linux Importer	Fixing	VCID-p5e2-s6r2-aaaf	https://security.archlinux.org/AVG-2714	34.0.1
2024-09-18T02:00:12.309854+00:00	Arch Linux Importer	Fixing	VCID-69v9-jknd-aaam	https://security.archlinux.org/AVG-2714	34.0.1
2024-09-18T02:00:12.285458+00:00	Arch Linux Importer	Fixing	VCID-nfu5-vgm8-aaaq	https://security.archlinux.org/AVG-2714	34.0.1
2024-09-18T02:00:12.263470+00:00	Arch Linux Importer	Fixing	VCID-wg4g-7st5-aaab	https://security.archlinux.org/AVG-2714	34.0.1
2024-09-18T02:00:12.239218+00:00	Arch Linux Importer	Fixing	VCID-npyv-g3uj-aaaj	https://security.archlinux.org/AVG-2714	34.0.1
2024-09-18T02:00:12.216854+00:00	Arch Linux Importer	Fixing	VCID-g8ev-urxw-aaac	https://security.archlinux.org/AVG-2714	34.0.1
2024-09-18T02:00:12.196453+00:00	Arch Linux Importer	Fixing	VCID-9e79-r9um-aaag	https://security.archlinux.org/AVG-2714	34.0.1
2024-01-03T22:26:26.700837+00:00	Arch Linux Importer	Fixing	VCID-p5e2-s6r2-aaaf	https://security.archlinux.org/AVG-2714	34.0.0rc1
2024-01-03T22:26:26.679016+00:00	Arch Linux Importer	Fixing	VCID-69v9-jknd-aaam	https://security.archlinux.org/AVG-2714	34.0.0rc1
2024-01-03T22:26:26.650151+00:00	Arch Linux Importer	Fixing	VCID-nfu5-vgm8-aaaq	https://security.archlinux.org/AVG-2714	34.0.0rc1
2024-01-03T22:26:26.628763+00:00	Arch Linux Importer	Fixing	VCID-wg4g-7st5-aaab	https://security.archlinux.org/AVG-2714	34.0.0rc1
2024-01-03T22:26:26.609861+00:00	Arch Linux Importer	Fixing	VCID-npyv-g3uj-aaaj	https://security.archlinux.org/AVG-2714	34.0.0rc1
2024-01-03T22:26:26.590955+00:00	Arch Linux Importer	Fixing	VCID-g8ev-urxw-aaac	https://security.archlinux.org/AVG-2714	34.0.0rc1
2024-01-03T22:26:26.572212+00:00	Arch Linux Importer	Fixing	VCID-9e79-r9um-aaag	https://security.archlinux.org/AVG-2714	34.0.0rc1

2025-03-28T07:45:16.340216+00:00

Arch Linux Importer

Fixing