| CVE-2022-29917 |
High |
Yes |
Arbitrary code execution |
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox... |
| CVE-2022-29916 |
High |
Yes |
Information disclosure |
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the... |
| CVE-2022-29914 |
High |
Yes |
Content spoofing |
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. |
| CVE-2022-29913 |
Medium |
Yes |
Insufficient validation |
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. |
| CVE-2022-29912 |
Medium |
Yes |
Insufficient validation |
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. |
| CVE-2022-29911 |
High |
Yes |
Arbitrary code execution |
An improper implementation of the new iframe sandbox keyword allow- top-navigation-by-user-activation could lead to script execution without allow-scripts... |
| CVE-2022-29909 |
High |
Yes |
Privilege escalation |
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and... |
| CVE-2022-1520 |
Low |
No |
Insufficient validation |
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect... |