| CVE-2022-29918 |
High |
Yes |
Arbitrary code execution |
Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed... |
| CVE-2022-29917 |
High |
Yes |
Arbitrary code execution |
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox... |
| CVE-2022-29916 |
High |
Yes |
Information disclosure |
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the... |
| CVE-2022-29915 |
Low |
Yes |
Information disclosure |
The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. |
| CVE-2022-29914 |
High |
Yes |
Content spoofing |
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. |
| CVE-2022-29912 |
Medium |
Yes |
Insufficient validation |
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. |
| CVE-2022-29911 |
High |
Yes |
Arbitrary code execution |
An improper implementation of the new iframe sandbox keyword allow- top-navigation-by-user-activation could lead to script execution without allow-scripts... |
| CVE-2022-29909 |
High |
Yes |
Privilege escalation |
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and... |