| CVE-2022-31748 |
High |
Yes |
Arbitrary code execution |
|
| CVE-2022-31747 |
High |
Yes |
Arbitrary code execution |
|
| CVE-2022-31745 |
Medium |
Unknown |
Unknown |
If array shift operations are not used, the Garbage Collector may have become confused about valid objects. |
| CVE-2022-31744 |
Medium |
Yes |
Access restriction bypass |
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. |
| CVE-2022-31743 |
Medium |
Yes |
Unknown |
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape... |
| CVE-2022-31742 |
Medium |
Unknown |
Information disclosure |
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key... |
| CVE-2022-31741 |
High |
Yes |
Information disclosure |
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. |
| CVE-2022-31738 |
High |
Yes |
Content spoofing |
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or... |
| CVE-2022-31737 |
High |
Yes |
Arbitrary code execution |
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. |
| CVE-2022-31736 |
High |
Yes |
Information disclosure |
A malicious website could have learned the size of a cross-origin resource that supported Range requests. |
| CVE-2022-1919 |
Low |
Unknown |
Unknown |
An attacker could have caused an uninitialized variable on the stack to be mistakenly freed, causing a potentially exploitable crash. |