CVE-2022-26486 An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
The issue is triggered when WebGPU is enabled in a site and a malformed message is received by the browser. By sending a malformed message,
CVE-2022-22759 An iframe with sandboxed scripts wouldn't allow scripts if a document append element has a JavaScript event handler.
An iframe can have an event handler that runs scripts on the iframe's parent. The event can be prevented from running by blocking the event
CVE-2022-36315 Subresource Integrity protects against script reuse when an injection attack occurs.
If the integrity service is enabled for a script, it can be triggered by injecting a fake script that appears to come from a trusted
CVE-2022-29914 Reusing existing popups could have allowed for browser spoofing attacks.
Thunderbird and Firefox are not vulnerable if they are using the --force-fullscreen command line argument. All versions of the browser are vulnerable to clickjacking if
CVE-2022-22743 An attacker-controlled tab could make the browser unable to leave fullscreen mode.
Firefox users that are relying on Google Chrome or Microsoft Edge to view sites that have been changed to require full-screen mode are advised to
Episode
00:00:00
00:00:00