CVE-2022-38473 An iframe with an XSLT document would have the parent domain's permissions.
XSLT is an XML-based transformation language that allows you to transform or create XML document using XSLT stylesheets. XSLT has been disabled by default in
CVE-2022-45408 Popups through windowName can go fullscreen without notification, spoofing attacks.
The issue was discovered by Gajra Raja John of Cisco Talos. Firefox ESR users should update to the latest version, which is currently Firefox ESR
CVE-2022-31747 Memory safety bugs were found in Firefox 100 and Firefox ESR 91.9.
It has been reported that some Windows users may have encountered crashes when visiting some websites or receiving unexpected content. If you happen to be
CVE-2022-31737 An attacker wrote code outside of WebGL memory, which could lead to memory corruption and a crash.
A malicious website could cause a user to inadvertently click a malicous link, leading to code execution. This vulnerability affects Thunderbird 91.10, Firefox 101,
CVE-2022-38476 Data races in the code>PK11_ChangePW/code> function could lead to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password.
It has been assigned the CVE identifier CVE-2017-5208, and a full description of the vulnerability can be found here. Workarounds There are no known workarounds
Episode
00:00:00
00:00:00