| CVE-2022-28289 |
High |
Yes |
Arbitrary code execution |
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present... |
| CVE-2022-28286 |
Low |
Yes |
Content spoofing |
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. |
| CVE-2022-28285 |
Medium |
Unknown |
Unknown |
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have... |
| CVE-2022-28282 |
Medium |
Unknown |
Unknown |
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing... |
| CVE-2022-28281 |
High |
Yes |
Arbitrary code execution |
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would... |
| CVE-2022-24713 |
Low |
Unknown |
Unknown |
The rust regex crate did not properly prevent crafted regular expressions from taking an arbitrary amount of time during parsing. If an attacker was able to... |
| CVE-2022-1197 |
Medium |
Unknown |
Unknown |
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not... |
| CVE-2022-1196 |
Medium |
Unknown |
Unknown |
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. |
| CVE-2022-1097 |
High |
Yes |
Arbitrary code execution |
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use- after-free and... |