AVG-2714 log

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 97.0.2-1
Fixed 98.0-1
Current 128.0-2 [extra]
Ticket None
Created Sat May 14 21:05:23 2022
Issue Severity Remote Type Description
CVE-2022-26387 High Unknown Unknown
When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on...
CVE-2022-26385 Medium Yes Arbitrary code execution
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a...
CVE-2022-26384 High Yes Unknown
If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,...
CVE-2022-26383 High Yes Unknown
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
CVE-2022-26382 Medium Yes Information disclosure
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the...
CVE-2022-26381 High Yes Arbitrary code execution
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.
CVE-2022-0843 Medium Unknown Arbitrary code execution
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence...