CVE-2022-29910 Firefox for Android would not properly record and persist HSTS settings if it's closed or sent to the background.
On Windows, Linux and Mac computers and in various mobile and remote computing scenarios, a malicious website could bypass the user's HSTS setting
CVE-2022-31741 A crafted CMS message could have led to an invalid memory read, potentially memory corruption
If a user visited a malicious website or opened a malicious file on Windows, an attacker could potentially exploit this vulnerability to access arbitrary system
CVE-2022-36314 When opening a Windows shortcut, an attacker could supply a remote path that leads to unexpected network requests. This bug only affects Firefox for Windows.
It affects Windows Server operating systems that are running Windows Server 2008 or later, but it might not occur on systems that are running Windows
CVE-2022-22745 Security policy violations could leak cross-origin information for frame-ancestors violations.
On Windows 10, only Firefox ESR is currently supported. The issue occurs when a website hosts malicious content using WebExtensions. When a user visits a
CVE-2022-31739 The % character was not escaped when downloading on Windows, which could have lead to files being saved to attacker-influenced paths.
When downloading files, Thunderbird and Firefox sometimes incorrectly used the %HOMEPATH% variable as the location to save the downloaded file. In some cases, Windows system32/
Episode
00:00:00
00:00:00