Age | Commit message (Collapse) | Author | Files | Lines |
|
Security Vulnerabilities fixed in Firefox ESR 102.5
#CVE-2022-45403: Service Workers might have learned size of cross-origin
media files
#CVE-2022-45404: Fullscreen notification bypass
#CVE-2022-45405: Use-after-free in InputStream implementation
#CVE-2022-45406: Use-after-free of a JavaScript Realm
#CVE-2022-45408: Fullscreen notification bypass via windowName
#CVE-2022-45409: Use-after-free in Garbage Collection
#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie
policy
#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override
headers
#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
#CVE-2022-45416: Keystroke Side-Channel Leakage
#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
#CVE-2022-45420: Iframe contents could be rendered outside the iframe
#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR
102.5
|
|
Security Vulnerabilities fixed in Firefox ESR 102.4
#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
URLs
#CVE-2022-42928: Memory Corruption in JS Engine
#CVE-2022-42929: Denial of Service via window.print
#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR
102.4
|
|
Security Vulnerabilities fixed in Firefox ESR 102.3
#CVE-2022-3266: Out of bounds read when decoding H264
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with
__Host and __Secure prefix
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR
102.3
|
|
Mozilla Foundation Security Advisory 2022-34
Security Vulnerabilities fixed in Firefox ESR 102.2
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
#CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW
#CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR
102.2
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
|
|
Security Vulnerabilities fixed in Firefox ESR 102.1
#CVE-2022-36319: Mouse Position spoofing with CSS transforms
#CVE-2022-36318: Directory indexes for bundled resources reflected URL
parameters
#CVE-2022-36314: Opening local <code>.lnk</code> files could cause
unexpected network loads
#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1
|
|
|
|
|