AVG-2760 log

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 100.0.2-1
Fixed 101.0-1
Current 133.0.3-2 [extra]
Ticket None
Created Tue Jun 7 22:17:04 2022
Issue Severity Remote Type Description
CVE-2022-31748 High Yes Arbitrary code execution
CVE-2022-31747 High Yes Arbitrary code execution
CVE-2022-31745 Medium Unknown Unknown
If array shift operations are not used, the Garbage Collector may have become confused about valid objects.
CVE-2022-31744 Medium Yes Access restriction bypass
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy.
CVE-2022-31743 Medium Yes Unknown
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape...
CVE-2022-31742 Medium Unknown Information disclosure
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key...
CVE-2022-31741 High Yes Information disclosure
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.
CVE-2022-31738 High Yes Content spoofing
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or...
CVE-2022-31737 High Yes Arbitrary code execution
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.
CVE-2022-31736 High Yes Information disclosure
A malicious website could have learned the size of a cross-origin resource that supported Range requests.
CVE-2022-1919 Low Unknown Unknown
An attacker could have caused an uninitialized variable on the stack to be mistakenly freed, causing a potentially exploitable crash.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/