Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d0f7183 by security tracker role at 2022-12-22T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-0025
+ RESERVED
+CVE-2023-0024
+ RESERVED
+CVE-2023-0023
+ RESERVED
+CVE-2023-0022
+ RESERVED
+CVE-2023-0021
+ RESERVED
+CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via
/aya/module/admin/fst_ ...)
+ TODO: check
+CVE-2022-4663
+ RESERVED
+CVE-2022-4662
+ RESERVED
+CVE-2022-4661
+ RESERVED
+CVE-2022-4660
+ RESERVED
+CVE-2022-4659
+ RESERVED
+CVE-2022-4658
+ RESERVED
+CVE-2022-4657
+ RESERVED
+CVE-2022-4656
+ RESERVED
+CVE-2022-4655
+ RESERVED
+CVE-2022-4654
+ RESERVED
+CVE-2022-4653
+ RESERVED
+CVE-2022-4652
+ RESERVED
+CVE-2022-4651
+ RESERVED
+CVE-2022-4650
+ RESERVED
+CVE-2022-4649
+ RESERVED
+CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
destiny.g ...)
+ TODO: check
+CVE-2020-36624 (A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1.
It has ...)
+ TODO: check
CVE-2022-47925
RESERVED
CVE-2022-47924
@@ -54,10 +100,10 @@ CVE-2022-47912
RESERVED
CVE-2022-47911
RESERVED
-CVE-2022-47896
- RESERVED
-CVE-2022-47895
- RESERVED
+CVE-2022-47896 (In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were
vulnera ...)
+ TODO: check
+CVE-2022-47895 (In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP
File" act ...)
+ TODO: check
CVE-2022-47894
RESERVED
CVE-2022-47893
@@ -2402,7 +2448,7 @@ CVE-2022-46331
CVE-2022-4517
RESERVED
CVE-2022-4516
- RESERVED
+ REJECTED
NOT-FOR-US: OpenShift
CVE-2022-4515 (A flaw was found in Exuberant Ctags in the way it handles the
"-o" opt ...)
- exuberant-ctags <unfixed>
@@ -4041,37 +4087,32 @@ CVE-2022-46887
RESERVED
CVE-2022-46886
RESERVED
-CVE-2022-46885
- RESERVED
+CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the
Mozilla Fuzzin ...)
+ TODO: check
CVE-2022-46884
RESERVED
-CVE-2022-46883
- RESERVED
-CVE-2022-46882
- RESERVED
+CVE-2022-46883 (Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew
McCreight a ...)
+ TODO: check
+CVE-2022-46882 (A use-after-free in WebGL extensions could have led to a
potentially e ...)
{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46882
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46882
-CVE-2022-46881
- RESERVED
+CVE-2022-46881 (An optimization in WebGL was incorrect in some cases, and
could have l ...)
{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46881
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46881
-CVE-2022-46880
- RESERVED
+CVE-2022-46880 (A missing check related to tex units could have led to a
use-after-fre ...)
{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- thunderbird 1:102.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46880
-CVE-2022-46879
- RESERVED
+CVE-2022-46879 (Mozilla developers and community members Lukas Bernhard,
Gabriele Svel ...)
- firefox 108.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46879
-CVE-2022-46878
- RESERVED
+CVE-2022-46878 (Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay,
and the ...)
{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
@@ -4079,22 +4120,19 @@ CVE-2022-46878
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46878
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878
-CVE-2022-46877
- RESERVED
+CVE-2022-46877 (By confusing the browser, the fullscreen notification could
have been ...)
- firefox 108.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46877
CVE-2022-46876
RESERVED
-CVE-2022-46875
- RESERVED
+CVE-2022-46875 (The executable file warning was not presented when downloading
.atloc ...)
- firefox <not-affected> (Only affects MacOS)
- firefox-esr <not-affected> (Only affects MacOS)
- thunderbird <not-affected> (Only affects MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46875
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46875
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46875
-CVE-2022-46874
- RESERVED
+CVE-2022-46874 (A file with a long filename could have had its filename
truncated to r ...)
{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
@@ -4102,12 +4140,10 @@ CVE-2022-46874
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46874
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46874
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46874
-CVE-2022-46873
- RESERVED
+CVE-2022-46873 (Because Firefox did not implement the
<code>unsafe-hashes</co ...)
- firefox 108.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46873
-CVE-2022-46872
- RESERVED
+CVE-2022-46872 (An attacker who compromised a content process could have
partially esc ...)
{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
@@ -4115,8 +4151,7 @@ CVE-2022-46872
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46872
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872
-CVE-2022-46871
- RESERVED
+CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities
that cou ...)
- firefox 108.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871
CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
@@ -6394,8 +6429,8 @@ CVE-2022-46172
RESERVED
CVE-2022-46171
RESERVED
-CVE-2022-46170
- RESERVED
+CVE-2022-46170 (CodeIgniter is a PHP full-stack web framework. When an
application use ...)
+ TODO: check
CVE-2022-46169 (Cacti is an open source platform which provides a robust and
extensibl ...)
{DSA-5298-1}
- cacti 1.2.22+ds1-3 (bug #1025648)
@@ -6607,10 +6642,10 @@ CVE-2022-46104
RESERVED
CVE-2022-46103
RESERVED
-CVE-2022-46102
- RESERVED
-CVE-2022-46101
- RESERVED
+CVE-2022-46102 (AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via
/aya/module/ad ...)
+ TODO: check
+CVE-2022-46101 (AyaCMS v3.1.2 was found to have a code flaw in the
ust_sql.inc.php fil ...)
+ TODO: check
CVE-2022-46100
RESERVED
CVE-2022-46099
@@ -6879,8 +6914,8 @@ CVE-2022-45968 (Alist v3.4.0 is vulnerable to File
Upload. A user with only file
NOT-FOR-US: Alist
CVE-2022-45967
RESERVED
-CVE-2022-45966
- RESERVED
+CVE-2022-45966 (here is an arbitrary file upload vulnerability in the file
management ...)
+ TODO: check
CVE-2022-45965
RESERVED
CVE-2022-45964
@@ -8586,8 +8621,7 @@ CVE-2023-21420
RESERVED
CVE-2023-21419
RESERVED
-CVE-2022-45421
- RESERVED
+CVE-2022-45421 (Mozilla developers Andrew McCreight and Gabriele Svelto
reported memor ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8595,8 +8629,7 @@ CVE-2022-45421
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45421
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45421
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45421
-CVE-2022-45420
- RESERVED
+CVE-2022-45420 (Use tables inside of an iframe, an attacker could have caused
iframe c ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8604,12 +8637,10 @@ CVE-2022-45420
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45420
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45420
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45420
-CVE-2022-45419
- RESERVED
+CVE-2022-45419 (If the user added a security exception for an invalid TLS
certificate, ...)
- firefox 107.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45419
-CVE-2022-45418
- RESERVED
+CVE-2022-45418 (If a custom mouse cursor is specified in CSS, under certain
circumstan ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8617,12 +8648,10 @@ CVE-2022-45418
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45418
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418
-CVE-2022-45417
- RESERVED
+CVE-2022-45417 (Service Workers did not detect Private Browsing Mode correctly
in all ...)
- firefox 107.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45417
-CVE-2022-45416
- RESERVED
+CVE-2022-45416 (Keyboard events reference strings like "KeyA" that were at
fixed, know ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8630,23 +8659,19 @@ CVE-2022-45416
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45416
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45416
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45416
-CVE-2022-45415
- RESERVED
+CVE-2022-45415 (When downloading an HTML file, if the title of the page was
formatted ...)
- firefox 107.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45415
-CVE-2022-45414
- RESERVED
+CVE-2022-45414 (If a Thunderbird user quoted from an HTML email, for example
by replyi ...)
{DSA-5303-1}
- thunderbird 1:102.5.1-1
[bullseye] - thunderbird <postponed> (Minor issue, fix along in next
ESR update)
[buster] - thunderbird <postponed> (Minor issue)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/#CVE-2022-45414
-CVE-2022-45413
- RESERVED
+CVE-2022-45413 (Using the <code>S.browser_fallback_url
parameter</code> pa ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45413
-CVE-2022-45412
- RESERVED
+CVE-2022-45412 (When resolving a symlink such as
<code>file:///proc/self/fd/1< ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8654,8 +8679,7 @@ CVE-2022-45412
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45412
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45412
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45412
-CVE-2022-45411
- RESERVED
+CVE-2022-45411 (Cross-Site Tracing occurs when a server will echo a request
back via t ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8663,8 +8687,7 @@ CVE-2022-45411
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45411
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45411
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45411
-CVE-2022-45410
- RESERVED
+CVE-2022-45410 (When a ServiceWorker intercepted a request with
<code>FetchEvent ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8672,8 +8695,7 @@ CVE-2022-45410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45410
-CVE-2022-45409
- RESERVED
+CVE-2022-45409 (The garbage collector could have been aborted in several
states and zo ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8681,8 +8703,7 @@ CVE-2022-45409
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45409
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45409
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45409
-CVE-2022-45408
- RESERVED
+CVE-2022-45408 (Through a series of popups that reuse windowName, an attacker
can caus ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8690,12 +8711,10 @@ CVE-2022-45408
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45408
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45408
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45408
-CVE-2022-45407
- RESERVED
+CVE-2022-45407 (If an attacker loaded a font using
<code>FontFace()</code> ...)
- firefox 107.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45407
-CVE-2022-45406
- RESERVED
+CVE-2022-45406 (If an out-of-memory condition occurred when creating a
JavaScript glob ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8703,8 +8722,7 @@ CVE-2022-45406
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45406
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45406
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45406
-CVE-2022-45405
- RESERVED
+CVE-2022-45405 (Freeing arbitrary <code>nsIInputStream</code>'s on
a diffe ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8712,8 +8730,7 @@ CVE-2022-45405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45405
-CVE-2022-45404
- RESERVED
+CVE-2022-45404 (Through a series of popup and
<code>window.print()</code> ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8721,8 +8738,7 @@ CVE-2022-45404
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45404
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45404
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45404
-CVE-2022-45403
- RESERVED
+CVE-2022-45403 (Service Workers should not be able to infer information about
opaque c ...)
{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
- firefox 107.0-1
- firefox-esr 102.5.0esr-1
@@ -8840,8 +8856,7 @@ CVE-2022-45349
RESERVED
CVE-2022-45348
RESERVED
-CVE-2022-45347
- RESERVED
+CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as
databas ...)
NOT-FOR-US: Apache ShardingSphere-Proxy
CVE-2022-45344
RESERVED
@@ -12232,8 +12247,8 @@ CVE-2022-44512
RESERVED
CVE-2022-44511
RESERVED
-CVE-2022-44510
- RESERVED
+CVE-2022-44510 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-44509
RESERVED
CVE-2022-44508
@@ -18007,8 +18022,7 @@ CVE-2022-42934 (A malicious crafted .dwf or .pct file
when consumed through Desi
NOT-FOR-US: Autodesk
CVE-2022-42933 (A malicious crafted .dwf or .pct file when consumed through
DesignRevi ...)
NOT-FOR-US: Autodesk
-CVE-2022-42932
- RESERVED
+CVE-2022-42932 (Mozilla developers Ashley Hale and the Mozilla Fuzzing Team
reported m ...)
{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
@@ -18016,16 +18030,13 @@ CVE-2022-42932
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42932
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42932
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42932
-CVE-2022-42931
- RESERVED
+CVE-2022-42931 (Logins saved by Firefox should be managed by the Password
Manager comp ...)
- firefox 106.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42931
-CVE-2022-42930
- RESERVED
+CVE-2022-42930 (If two Workers were simultaneously initializing their
CacheStorage, a ...)
- firefox 106.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930
-CVE-2022-42929
- RESERVED
+CVE-2022-42929 (If a website called <code>window.print()</code> in
a parti ...)
{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
@@ -18033,8 +18044,7 @@ CVE-2022-42929
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42929
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42929
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929
-CVE-2022-42928
- RESERVED
+CVE-2022-42928 (Certain types of allocations were missing annotations that, if
the Gar ...)
{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
@@ -18042,8 +18052,7 @@ CVE-2022-42928
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42928
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42928
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42928
-CVE-2022-42927
- RESERVED
+CVE-2022-42927 (A same-origin policy violation could have allowed the theft of
cross-o ...)
{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
@@ -21110,16 +21119,16 @@ CVE-2022-41702 (The affected product DIAEnergie
(versions prior to v1.9.01.002)
NOT-FOR-US: DIAEnergie
CVE-2022-41701 (The affected product DIAEnergie (versions prior to
v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
-CVE-2022-41697
- RESERVED
+CVE-2022-41697 (A user enumeration vulnerability exists in the login
functionality of ...)
+ TODO: check
CVE-2022-41688 (Delta Electronics InfraSuite Device Master versions 00.00.01a
and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41683
RESERVED
CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a
and prio ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-41654
- RESERVED
+CVE-2022-41654 (An authentication bypass vulnerability exists in the
newsletter subscr ...)
+ TODO: check
CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version
1.2.3 and pr ...)
NOT-FOR-US: Daikin
CVE-2022-41651 (The affected product DIAEnergie (versions prior to
v1.9.01.002) is vul ...)
@@ -22451,8 +22460,8 @@ CVE-2022-3268 (Weak Password Requirements in GitHub
repository ikus060/minarca p
NOT-FOR-US: minarca
CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository
ikus060/rdiffwe ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3266
- RESERVED
+CVE-2022-3266 (An out-of-bounds read can occur when decoding H264 video. This
results ...)
+ TODO: check
CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop
notific ...)
- kitty 0.21.2-2 (bug #1020582)
[bullseye] - kitty <no-dsa> (Minor issue)
@@ -23219,8 +23228,7 @@ CVE-2022-40976 (A path traversal vulnerability was
discovered in multiple Pilz p
NOT-FOR-US: Pilz
CVE-2022-40969
RESERVED
-CVE-2022-40962
- RESERVED
+CVE-2022-40962 (Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian
Hengst, And ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
@@ -23228,12 +23236,10 @@ CVE-2022-40962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40962
-CVE-2022-40961
- RESERVED
+CVE-2022-40961 (During startup, a graphics driver with an unexpected name
could lead t ...)
- firefox <not-affected> (Only affects Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961
-CVE-2022-40960
- RESERVED
+CVE-2022-40960 (Concurrent use of the URL parser with non-UTF-8 data was not
thread-sa ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
@@ -23241,8 +23247,7 @@ CVE-2022-40960
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40960
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40960
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960
-CVE-2022-40959
- RESERVED
+CVE-2022-40959 (During iframe navigation, certain pages did not have their
FeaturePoli ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
@@ -23250,8 +23255,7 @@ CVE-2022-40959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959
-CVE-2022-40958
- RESERVED
+CVE-2022-40958 (By injecting a cookie with certain special characters, an
attacker on ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
@@ -23259,8 +23263,7 @@ CVE-2022-40958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958
-CVE-2022-40957
- RESERVED
+CVE-2022-40957 (Inconsistent data in instruction and data cache when creating
wasm cod ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
@@ -23268,8 +23271,7 @@ CVE-2022-40957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957
-CVE-2022-40956
- RESERVED
+CVE-2022-40956 (When injecting an HTML base element, some requests would
ignore the CS ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
@@ -25260,8 +25262,7 @@ CVE-2022-40146 (Server-Side Request Forgery (SSRF)
vulnerability in Batik of Apa
NOTE:
https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading
CVE-2022-40145 (This vulnerable is about a potential code injection when an
attacker h ...)
- apache-karaf <itp> (bug #881297)
-CVE-2022-3155
- RESERVED
+CVE-2022-3155 (When saving or opening an email attachment on macOS,
Thunderbird did n ...)
- thunderbird <not-affected> (Only affects MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3155
CVE-2022-3154 (The Woo Billingo Plus WordPress plugin before 4.4.5.4,
Integration for ...)
@@ -28162,8 +28163,7 @@ CVE-2022-3036 (The Gettext override translations
WordPress plugin before 2.0.0 d
NOT-FOR-US: WordPress plugin
CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository
snipe/snipe-i ...)
- snipe-it <itp> (bug #1005172)
-CVE-2022-3034
- RESERVED
+CVE-2022-3034 (When receiving an HTML email that specified to load an
<code>ifr ...)
- thunderbird 1:102.2.1-1
[bullseye] - thunderbird <not-affected> (Only affects ESR102)
[buster] - thunderbird <not-affected> (Only affects ESR102)
@@ -28655,14 +28655,12 @@ CVE-2022-38069 (Multiple globally default credentials
exist across all CMS8000 d
NOT-FOR-US: Contec Health
CVE-2022-36385 (A threat actor with momentary access to the device can plug in
a USB d ...)
NOT-FOR-US: Contec Health
-CVE-2022-3033
- RESERVED
+CVE-2022-3033 (If a Thunderbird user replied to a crafted HTML email
containing a < ...)
- thunderbird 1:102.2.1-1
[bullseye] - thunderbird <not-affected> (Only affects ESR102)
[buster] - thunderbird <not-affected> (Only affects ESR102)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3033
-CVE-2022-3032
- RESERVED
+CVE-2022-3032 (When receiving an HTML email that contained an
<code>iframe</ ...)
- thunderbird 1:102.2.1-1
[bullseye] - thunderbird <not-affected> (Only affects ESR102)
[buster] - thunderbird <not-affected> (Only affects ESR102)
@@ -29230,8 +29228,8 @@ CVE-2022-38660 (HCL XPages applications are susceptible
to a Cross Site Request
NOT-FOR-US: HCL
CVE-2022-38659 (In specific scenarios, on Windows the operator credentials may
be encr ...)
NOT-FOR-US: HCL
-CVE-2022-38658
- RESERVED
+CVE-2022-38658 (BigFix deployments that have installed the Notification
Service on Win ...)
+ TODO: check
CVE-2022-38657
RESERVED
CVE-2022-38656 (HCL Commerce, when using Elasticsearch, can allow a remote
attacker to ...)
@@ -29690,8 +29688,7 @@ CVE-2022-38480
RESERVED
CVE-2022-38479
RESERVED
-CVE-2022-38478
- RESERVED
+CVE-2022-38478 (Members the Mozilla Fuzzing Team reported memory safety bugs
present i ...)
{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
@@ -29701,8 +29698,7 @@ CVE-2022-38478
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38478
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38478
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38478
-CVE-2022-38477
- RESERVED
+CVE-2022-38477 (Mozilla developer Nika Layzell and the Mozilla Fuzzing Team
reported m ...)
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
[bullseye] - firefox-esr <not-affected> (Vulnerable code not present in
the ESR91 version)
@@ -29713,8 +29709,7 @@ CVE-2022-38477
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38477
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38477
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38477
-CVE-2022-38476
- RESERVED
+CVE-2022-38476 (A data race could occur in the
<code>PK11_ChangePW</code> ...)
- firefox-esr 102.2.0esr-1
[bullseye] - firefox-esr <not-affected> (Vulnerable code not present in
the ESR91 version)
[buster] - firefox-esr <not-affected> (Vulnerable code not present in
the ESR91 version)
@@ -29723,16 +29718,13 @@ CVE-2022-38476
[buster] - thunderbird <not-affected> (Vulnerable code not present in
the 91.x version)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38476
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38476
-CVE-2022-38475
- RESERVED
+CVE-2022-38475 (An attacker could have written a value to the first element in
a zero- ...)
- firefox 104.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38475
-CVE-2022-38474
- RESERVED
+CVE-2022-38474 (A website that had permission to access the microphone could
record au ...)
- firefox <not-affected> (Only affects Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38474
-CVE-2022-38473
- RESERVED
+CVE-2022-38473 (A cross-origin iframe referencing an XSLT document would
inherit the p ...)
{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
@@ -29742,8 +29734,7 @@ CVE-2022-38473
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38473
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38473
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38473
-CVE-2022-38472
- RESERVED
+CVE-2022-38472 (An attacker could have abused XSLT error handling to associate
attacke ...)
{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
@@ -35444,8 +35435,7 @@ CVE-2022-36360 (A vulnerability has been identified in
LOGO! 8 BM (incl. SIPLUS
NOT-FOR-US: LOGO!
CVE-2022-35239 (The image file management page of SolarView Compact
SV-CPT-MC310 Ver.7 ...)
NOT-FOR-US: SolarView Compact SV-CPT-MC310
-CVE-2022-2505
- RESERVED
+CVE-2022-2505 (Mozilla developers and the Mozilla Fuzzing Team reported memory
safety ...)
- firefox 103.0-1
- thunderbird 1:102.1.0-1
[bullseye] - thunderbird <not-affected> (Only affects 102 ESR)
@@ -35546,12 +35536,10 @@ CVE-2022-36322 (In JetBrains TeamCity before
2022.04.2 build parameter injection
NOT-FOR-US: JetBrains TeamCity
CVE-2022-36321 (In JetBrains TeamCity before 2022.04.2 the private SSH key
could be wr ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2022-36320
- RESERVED
+CVE-2022-36320 (Mozilla developers and the Mozilla Fuzzing Team reported
memory safety ...)
- firefox 103.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320
-CVE-2022-36319
- RESERVED
+CVE-2022-36319 (When combining CSS properties for overflow and transform, the
mouse cu ...)
{DSA-5195-1 DSA-5193-1}
- firefox 103.0-1
- firefox-esr 91.12.0esr-1
@@ -35559,8 +35547,7 @@ CVE-2022-36319
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36319
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36319
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36319
-CVE-2022-36318
- RESERVED
+CVE-2022-36318 (When visiting directory listings for `chrome://` URLs as
source text, ...)
{DSA-5195-1 DSA-5193-1}
- firefox 103.0-1
- firefox-esr 91.12.0esr-1
@@ -35568,20 +35555,16 @@ CVE-2022-36318
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36318
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36318
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36318
-CVE-2022-36317
- RESERVED
+CVE-2022-36317 (When visiting a website with an overly long URL, the user
interface wo ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36317
-CVE-2022-36316
- RESERVED
+CVE-2022-36316 (When using the Performance API, an attacker was able to notice
subtle ...)
- firefox 103.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36316
-CVE-2022-36315
- RESERVED
+CVE-2022-36315 (When loading a script with Subresource Integrity, attackers
with an in ...)
- firefox 103.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36315
-CVE-2022-36314
- RESERVED
+CVE-2022-36314 (When opening a Windows shortcut from the local filesystem, an
attacker ...)
- firefox <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36314
@@ -40021,8 +40004,7 @@ CVE-2022-2228 (Information exposure in GitLab EE
affecting all versions from 12.
- gitlab <not-affected> (Specific to EE)
CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE
affecti ...)
- gitlab <unfixed>
-CVE-2022-2226
- RESERVED
+CVE-2022-2226 (An OpenPGP digital signature includes information about the
date when ...)
{DSA-5175-1}
- thunderbird 1:91.11.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226
@@ -40833,8 +40815,7 @@ CVE-2022-2202
RESERVED
CVE-2022-2201
RESERVED
-CVE-2022-2200
- RESERVED
+CVE-2022-2200 (If an object prototype was corrupted by an attacker, they would
have b ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
@@ -40844,12 +40825,10 @@ CVE-2022-2200
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2200
CVE-2022-2199 (The main MiCODUS MV720 GPS tracker web server has a reflected
cross-si ...)
NOT-FOR-US: MiCODUS
-CVE-2022-34485
- RESERVED
+CVE-2022-34485 (Mozilla developers Bryce Seager van Dyk and the Mozilla
Fuzzing Team r ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34485
-CVE-2022-34484
- RESERVED
+CVE-2022-34484 (The Mozilla Fuzzing Team reported potential vulnerabilities
present in ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
@@ -40857,16 +40836,13 @@ CVE-2022-34484
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34484
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34484
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34484
-CVE-2022-34483
- RESERVED
+CVE-2022-34483 (An attacker who could have convinced a user to drag and drop
an image ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34483
-CVE-2022-34482
- RESERVED
+CVE-2022-34482 (An attacker who could have convinced a user to drag and drop
an image ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34482
-CVE-2022-34481
- RESERVED
+CVE-2022-34481 (In the
<code>nsTArray_Impl::ReplaceElementsAt()</code> fun ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
@@ -40874,12 +40850,10 @@ CVE-2022-34481
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34481
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34481
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34481
-CVE-2022-34480
- RESERVED
+CVE-2022-34480 (Within the <code>lg_init()</code> function, if
several all ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34480
-CVE-2022-34479
- RESERVED
+CVE-2022-34479 (A malicious website that could create a popup could have
resized the p ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
@@ -40887,36 +40861,29 @@ CVE-2022-34479
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34479
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34479
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34479
-CVE-2022-34478
- RESERVED
+CVE-2022-34478 (The <code>ms-msdt</code>,
<code>search</code>, ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34478
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34478
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34478
-CVE-2022-34477
- RESERVED
+CVE-2022-34477 (The MediaError message property should be consistent to avoid
leaking ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34477
-CVE-2022-34476
- RESERVED
+CVE-2022-34476 (ASN.1 parsing of an indefinite SEQUENCE inside an indefinite
GROUP cou ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34476
-CVE-2022-34475
- RESERVED
+CVE-2022-34475 (SVG <code>&lt;use&gt;</code> tags that
referenced ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34475
-CVE-2022-34474
- RESERVED
+CVE-2022-34474 (Even when an iframe was sandboxed with
<code>allow-top-navigatio ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34474
-CVE-2022-34473
- RESERVED
+CVE-2022-34473 (The HTML Sanitizer should have sanitized the
<code>href</code ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34473
-CVE-2022-34472
- RESERVED
+CVE-2022-34472 (If there was a PAC URL set and the server that hosts the PAC
was not r ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
@@ -40924,12 +40891,10 @@ CVE-2022-34472
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34472
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34472
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34472
-CVE-2022-34471
- RESERVED
+CVE-2022-34471 (When downloading an update for an addon, the downloaded addon
update's ...)
- firefox 102.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34471
-CVE-2022-34470
- RESERVED
+CVE-2022-34470 (Session history navigations may have led to a use-after-free
and poten ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
@@ -40937,12 +40902,10 @@ CVE-2022-34470
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34470
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34470
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34470
-CVE-2022-34469
- RESERVED
+CVE-2022-34469 (When a TLS Certificate error occurs on a domain protected by
the HSTS ...)
- firefox <not-affected> (Only affects Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34469
-CVE-2022-34468
- RESERVED
+CVE-2022-34468 (An iframe that was not permitted to run scripts could do so if
the use ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
@@ -48112,12 +48075,10 @@ CVE-2020-36523 (A vulnerability was found in PlantUML
6.43. It has been declared
NOT-FOR-US: Atlassian PlantUML plugin
CVE-2022-31749
RESERVED
-CVE-2022-31748
- RESERVED
+CVE-2022-31748 (Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell
Jesup, Jon ...)
- firefox 101.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748
-CVE-2022-31747
- RESERVED
+CVE-2022-31747 (Mozilla developers Andrew McCreight, Nicolas B. Pierron, and
the Mozil ...)
{DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
@@ -48125,14 +48086,12 @@ CVE-2022-31747
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747
-CVE-2022-31746
- RESERVED
-CVE-2022-31745
- RESERVED
+CVE-2022-31746 (Internal URLs are protected by a secret UUID key, which could
have bee ...)
+ TODO: check
+CVE-2022-31745 (If array shift operations are not used, the Garbage Collector
may have ...)
- firefox 101.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745
-CVE-2022-31744
- RESERVED
+CVE-2022-31744 (An attacker could have injected CSS into stylesheets
accessible via in ...)
{DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 101.0-1
- firefox-esr 91.11.0esr-1
@@ -48140,12 +48099,10 @@ CVE-2022-31744
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31744
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-31744
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-31744
-CVE-2022-31743
- RESERVED
+CVE-2022-31743 (Firefox's HTML parser did not correctly interpret HTML comment
tags, r ...)
- firefox 101.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743
-CVE-2022-31742
- RESERVED
+CVE-2022-31742 (An attacker could have exploited a timing attack by sending a
large nu ...)
{DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
@@ -48153,8 +48110,7 @@ CVE-2022-31742
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742
-CVE-2022-31741
- RESERVED
+CVE-2022-31741 (A crafted CMS message could have been processed incorrectly,
leading t ...)
{DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
@@ -48162,8 +48118,7 @@ CVE-2022-31741
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741
-CVE-2022-31740
- RESERVED
+CVE-2022-31740 (On arm64, WASM code could have resulted in incorrect assembly
generati ...)
{DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
@@ -48171,16 +48126,14 @@ CVE-2022-31740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740
-CVE-2022-31739
- RESERVED
+CVE-2022-31739 (When downloading files on Windows, the % character was not
escaped, wh ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739
-CVE-2022-31738
- RESERVED
+CVE-2022-31738 (When exiting fullscreen mode, an iframe could have confused
the browse ...)
{DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
@@ -48188,8 +48141,7 @@ CVE-2022-31738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738
-CVE-2022-31737
- RESERVED
+CVE-2022-31737 (A malicious webpage could have caused an out-of-bounds write
in WebGL, ...)
{DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
@@ -48197,8 +48149,7 @@ CVE-2022-31737
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737
-CVE-2022-31736
- RESERVED
+CVE-2022-31736 (A malicious website could have learned the size of a
cross-origin reso ...)
{DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
@@ -48562,8 +48513,8 @@ CVE-2021-4231 (A vulnerability was found in Angular up
to 11.0.4/11.1.0-next.2.
NOTE: AngularJS upstream support has officially ended as of January 2022
CVE-2022-31619 (A vulnerability has been identified in Teamcenter V12.4 (All
versions ...)
NOT-FOR-US: Siemens
-CVE-2022-1887
- RESERVED
+CVE-2022-1887 (The search term could have been specified externally to trigger
SQL in ...)
+ TODO: check
CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a
@@ -49523,8 +49474,7 @@ CVE-2022-1836
REJECTED
CVE-2022-1835
REJECTED
-CVE-2022-1834
- RESERVED
+CVE-2022-1834 (When displaying the sender of an email, and the sender name
contained ...)
{DSA-5158-1 DLA-3041-1}
- thunderbird 1:91.10.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
@@ -49661,8 +49611,7 @@ CVE-2022-1804
RESERVED
CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub
reposit ...)
NOT-FOR-US: Trudesk
-CVE-2022-1802
- RESERVED
+CVE-2022-1802 (If an attacker was able to corrupt the methods of an Array
object in J ...)
{DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
@@ -53552,12 +53501,10 @@ CVE-2022-29927 (In JetBrains TeamCity before 2022.04
reflected XSS on the Build
NOT-FOR-US: JetBrains TeamCity
CVE-2022-29922 (Improper Input Validation vulnerability in the handling of a
specially ...)
NOT-FOR-US: Hitachi
-CVE-2022-29918
- RESERVED
+CVE-2022-29918 (Mozilla developers Gabriele Svelto, Randell Jesup and the
Mozilla Fuzz ...)
- firefox 100.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29918
-CVE-2022-29917
- RESERVED
+CVE-2022-29917 (Mozilla developers Andrew McCreight, Gabriele Svelto, Tom
Ritter and t ...)
{DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
@@ -53565,8 +53512,7 @@ CVE-2022-29917
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29917
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29917
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29917
-CVE-2022-29916
- RESERVED
+CVE-2022-29916 (Firefox behaved slightly differently for already known
resources when ...)
{DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
@@ -53574,12 +53520,10 @@ CVE-2022-29916
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29916
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29916
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29916
-CVE-2022-29915
- RESERVED
+CVE-2022-29915 (The Performance API did not properly hide the fact whether a
request c ...)
- firefox 100.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29915
-CVE-2022-29914
- RESERVED
+CVE-2022-29914 (When reusing existing popups Firefox would have allowed them
to cover ...)
{DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
@@ -53587,13 +53531,11 @@ CVE-2022-29914
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29914
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29914
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29914
-CVE-2022-29913
- RESERVED
+CVE-2022-29913 (The parent process would not properly check whether the Speech
Synthes ...)
{DSA-5141-1 DLA-3020-1}
- thunderbird 1:91.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29913
-CVE-2022-29912
- RESERVED
+CVE-2022-29912 (Requests initiated through reader mode did not properly omit
cookies w ...)
{DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
@@ -53601,8 +53543,7 @@ CVE-2022-29912
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29912
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29912
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29912
-CVE-2022-29911
- RESERVED
+CVE-2022-29911 (An improper implementation of the new iframe sandbox keyword
<code& ...)
{DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
@@ -53610,12 +53551,10 @@ CVE-2022-29911
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29911
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29911
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29911
-CVE-2022-29910
- RESERVED
+CVE-2022-29910 (When closed or sent to the background, Firefox for Android
would not p ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29910
-CVE-2022-29909
- RESERVED
+CVE-2022-29909 (Documents in deeply-nested cross-origin browsing contexts
could have o ...)
{DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
@@ -53663,8 +53602,7 @@ CVE-2022-1531 (SQL injection vulnerability in ARAX-UI
Synonym Lookup functionali
NOT-FOR-US: RTX
CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository
livehelperchat/livehel ...)
NOT-FOR-US: livehelperchat
-CVE-2022-1529
- RESERVED
+CVE-2022-1529 (An attacker could have sent a message to the parent process
where the ...)
{DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
@@ -53791,8 +53729,7 @@ CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System
in firmware version 1.0.3
NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
CVE-2022-1521 (LRM does not implement authentication or authorization by
default. A m ...)
NOT-FOR-US: LRM
-CVE-2022-1520
- RESERVED
+CVE-2022-1520 (When viewing an email message A, which contains an attached
message B, ...)
{DSA-5141-1 DLA-3020-1}
- thunderbird 1:91.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
@@ -58357,8 +58294,7 @@ CVE-2022-28291 (Insufficiently Protected Credentials:
An authenticated user with
NOT-FOR-US: Nessus
CVE-2022-28290 (Reflective Cross-Site Scripting vulnerability in WordPress
Country Sel ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-28289
- RESERVED
+CVE-2022-28289 (Mozilla developers and community members Nika Layzell, Andrew
McCreigh ...)
{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
@@ -58366,16 +58302,13 @@ CVE-2022-28289
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28289
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28289
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28289
-CVE-2022-28288
- RESERVED
+CVE-2022-28288 (Mozilla developers and community members Randell Jesup,
Sebastian Heng ...)
- firefox 99.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28288
-CVE-2022-28287
- RESERVED
+CVE-2022-28287 (In unusual circumstances, selecting text could cause text
selection ca ...)
- firefox 99.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28287
-CVE-2022-28286
- RESERVED
+CVE-2022-28286 (Due to a layout change, iframe contents could have been
rendered outsi ...)
{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
@@ -58383,8 +58316,7 @@ CVE-2022-28286
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28286
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28286
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28286
-CVE-2022-28285
- RESERVED
+CVE-2022-28285 (When generating the assembly code for
<code>MLoadTypedArrayEleme ...)
{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
@@ -58392,16 +58324,13 @@ CVE-2022-28285
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28285
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28285
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28285
-CVE-2022-28284
- RESERVED
+CVE-2022-28284 (SVG's <code>&lt;use&gt;</code> element
could have ...)
- firefox 99.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28284
-CVE-2022-28283
- RESERVED
+CVE-2022-28283 (The sourceMapURL feature in devtools was missing security
checks that ...)
- firefox 99.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28283
-CVE-2022-28282
- RESERVED
+CVE-2022-28282 (By using a link with
<code>rel="localization"</code> a use ...)
{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
@@ -58410,8 +58339,7 @@ CVE-2022-28282
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28282
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28282
NOTE: https://github.com/Pwnrin/CVE-2022-28282
-CVE-2022-28281
- RESERVED
+CVE-2022-28281 (If a compromised content process sent an unexpected number of
WebAuthN ...)
{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
@@ -58428,13 +58356,11 @@ CVE-2022-1198 (A use-after-free vulnerabilitity was
discovered in drivers/net/ha
{DSA-5173-1 DSA-5127-1 DLA-3065-1}
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
-CVE-2022-1197
- RESERVED
+CVE-2022-1197 (When importing a revoked key that specified key compromise as
the revo ...)
{DSA-5118-1 DLA-2978-1}
- thunderbird 1:91.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1197
-CVE-2022-1196
- RESERVED
+CVE-2022-1196 (After a VR Process is destroyed, a reference to it may have
been retai ...)
{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
- firefox-esr 91.8.0esr-1
- thunderbird 1:91.8.0-1
@@ -59811,8 +59737,7 @@ CVE-2022-26371
RESERVED
CVE-2022-26064
RESERVED
-CVE-2022-1097
- RESERVED
+CVE-2022-1097 (<code>NSSToken</code> objects were referenced via
direct p ...)
{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
- firefox 99.0-1
- firefox-esr 91.8.0esr-1
@@ -63718,15 +63643,13 @@ CVE-2022-26490 (st21nfca_connectivity_event_received
in drivers/nfc/st21nfca/se.
{DSA-5173-1 DSA-5127-1 DLA-3065-1}
- linux 5.16.18-1
NOTE:
https://git.kernel.org/linus/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
-CVE-2022-26486
- RESERVED
+CVE-2022-26486 (An unexpected message in the WebGPU IPC framework could lead
to a use- ...)
{DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1}
- firefox 99.0-1
- firefox-esr 91.6.1esr-1
- thunderbird 1:91.6.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26486
-CVE-2022-26485
- RESERVED
+CVE-2022-26485 (Removing an XSLT parameter during processing could have lead
to an exp ...)
{DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1}
- firefox 99.0-1
- firefox-esr 91.6.1esr-1
@@ -64013,8 +63936,7 @@ CVE-2022-0846 (The SpeakOut! Email Petitions WordPress
plugin before 2.14.15.1 d
NOT-FOR-US: WordPress plugin
CVE-2022-0845 (Code Injection in GitHub repository
pytorchlightning/pytorch-lightning ...)
NOT-FOR-US: pytorchlightning
-CVE-2022-26387
- RESERVED
+CVE-2022-26387 (When installing an add-on, Firefox verified the signature
before promp ...)
{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
@@ -64022,19 +63944,16 @@ CVE-2022-26387
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26387
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26387
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387
-CVE-2022-26386
- RESERVED
+CVE-2022-26386 (Previously Firefox for macOS and Linux would download
temporary files ...)
{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386
-CVE-2022-26385
- RESERVED
+CVE-2022-26385 (In unusual circumstances, an individual thread may outlive the
thread' ...)
- firefox 98.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385
-CVE-2022-26384
- RESERVED
+CVE-2022-26384 (If an attacker could control the contents of an iframe
sandboxed with ...)
{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
@@ -64042,8 +63961,7 @@ CVE-2022-26384
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26384
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384
-CVE-2022-26383
- RESERVED
+CVE-2022-26383 (When resizing a popup after requesting fullscreen access, the
popup wo ...)
{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
@@ -64051,12 +63969,10 @@ CVE-2022-26383
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26383
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26383
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26383
-CVE-2022-26382
- RESERVED
+CVE-2022-26382 (While the text displayed in Autofill tooltips cannot be
directly read ...)
- firefox 98.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382
-CVE-2022-26381
- RESERVED
+CVE-2022-26381 (An attacker could have caused a use-after-free by forcing a
text reflo ...)
{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
@@ -64083,8 +63999,7 @@ CVE-2022-25989 (An authentication bypass vulnerability
exists in the libxm_av.so
NOT-FOR-US: Anker Eufy Homebase
CVE-2022-0844
REJECTED
-CVE-2022-0843
- RESERVED
+CVE-2022-0843 (Mozilla developers Kershaw Chang, Ryan VanderMeulen, and
Randell Jesup ...)
- firefox 98.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-0843
CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise
ePolicy Orche ...)
@@ -66970,8 +66885,8 @@ CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected
in Packagist microweber/mi
NOT-FOR-US: microweber
CVE-2022-0677 (Improper Handling of Length Parameter Inconsistency
vulnerability in t ...)
NOT-FOR-US: Bitdefender
-CVE-2021-4221
- RESERVED
+CVE-2021-4221 (If a domain name contained a RTL character, it would cause the
domain ...)
+ TODO: check
CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
NOT-FOR-US: ZEROF Web Server
CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...)
@@ -68183,8 +68098,7 @@ CVE-2022-0568
RESERVED
CVE-2022-0567 (A flaw was found in ovn-kubernetes. This flaw allows a system
administ ...)
NOT-FOR-US: Openshift/ovn-kubernetes
-CVE-2022-0566
- RESERVED
+CVE-2022-0566 (It may be possible for an attacker to craft an email message
that caus ...)
{DSA-5086-1 DLA-2930-1}
- thunderbird 1:91.6.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566
@@ -69313,8 +69227,8 @@ CVE-2022-0518 (Heap-based Buffer Overflow in GitHub
repository radareorg/radare2
- radare2 <unfixed> (bug #1014478)
NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
NOTE:
https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
-CVE-2022-0517
- RESERVED
+CVE-2022-0517 (Mozilla VPN can load an OpenSSL configuration file from an
unsecured d ...)
+ TODO: check
CVE-2022-0516 (A vulnerability was found in kvm_s390_guest_sida_op in the
arch/s390/k ...)
{DSA-5092-1}
- linux 5.16.10-1
@@ -69875,8 +69789,7 @@ CVE-2022-0512 (Authorization Bypass Through
User-Controlled Key in NPM url-parse
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered
by security support)
NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
NOTE:
https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40
(1.5.6)
-CVE-2022-0511
- RESERVED
+CVE-2022-0511 (Mozilla developers and community members Gabriele Svelto,
Sebastian He ...)
- firefox 97.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511
CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist
pimcore/pimcore pr ...)
@@ -73233,8 +73146,8 @@ CVE-2022-23558 (Tensorflow is an Open Source Machine
Learning Framework. An atta
- tensorflow <itp> (bug #804612)
CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An
attacker c ...)
- tensorflow <itp> (bug #804612)
-CVE-2022-23556
- RESERVED
+CVE-2022-23556 (CodeIgniter is a PHP full-stack web framework. This
vulnerability may ...)
+ TODO: check
CVE-2022-23555
RESERVED
CVE-2022-23554
@@ -73263,10 +73176,10 @@ CVE-2022-23543 (Silverware Games is a social network
where people can play games
TODO: check
CVE-2022-23542 (OpenFGA is an authorization/permission engine built for
developers and ...)
TODO: check
-CVE-2022-23541
- RESERVED
-CVE-2022-23540
- RESERVED
+CVE-2022-23541 (jsonwebtoken is an implementation of JSON Web Tokens. Versions
`<= ...)
+ TODO: check
+CVE-2022-23540 (In versions `<=8.5.1` of `jsonwebtoken` library, lack of
algorithm ...)
+ TODO: check
CVE-2022-23539
RESERVED
CVE-2022-23538
@@ -76252,8 +76165,7 @@ CVE-2022-22766 (Hardcoded credentials are used in
specific BD Pyxis products. If
NOT-FOR-US: BD Pyxis
CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded
credent ...)
NOT-FOR-US: BD Viper LT system
-CVE-2022-22764
- RESERVED
+CVE-2022-22764 (Mozilla developers Paul Adenot and the Mozilla Fuzzing Team
reported m ...)
{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
@@ -76261,19 +76173,16 @@ CVE-2022-22764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764
-CVE-2022-22763
- RESERVED
+CVE-2022-22763 (When a worker is shutdown, it was possible to cause script to
run late ...)
{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
- firefox-esr 91.6.0esr-1
- thunderbird 1:91.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763
-CVE-2022-22762
- RESERVED
+CVE-2022-22762 (Under certain circumstances, a JavaScript alert (or prompt)
could have ...)
- firefox <not-affected> (Only affects Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
-CVE-2022-22761
- RESERVED
+CVE-2022-22761 (Web-accessible extension pages (pages with a moz-extension://
scheme) ...)
{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
@@ -76281,8 +76190,7 @@ CVE-2022-22761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761
-CVE-2022-22760
- RESERVED
+CVE-2022-22760 (When importing resources using Web Workers, error messages
would disti ...)
{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
@@ -76290,8 +76198,7 @@ CVE-2022-22760
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760
-CVE-2022-22759
- RESERVED
+CVE-2022-22759 (If a document created a sandboxed iframe without
<code>allow-scr ...)
{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
@@ -76299,16 +76206,13 @@ CVE-2022-22759
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22759
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22759
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22759
-CVE-2022-22758
- RESERVED
+CVE-2022-22758 (When clicking on a tel: link, USSD codes, specified after a
<code&g ...)
- firefox <not-affected> (Only affects Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22758
-CVE-2022-22757
- RESERVED
+CVE-2022-22757 (Remote Agent, used in WebDriver, did not validate the Host or
Origin h ...)
- firefox 97.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22757
-CVE-2022-22756
- RESERVED
+CVE-2022-22756 (If a user was convinced to drag and drop an image to their
desktop or ...)
{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
@@ -76316,12 +76220,10 @@ CVE-2022-22756
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756
-CVE-2022-22755
- RESERVED
+CVE-2022-22755 (By using XSL Transforms, a malicious webserver could have
served a use ...)
- firefox 97.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
-CVE-2022-22754
- RESERVED
+CVE-2022-22754 (If a user installed an extension of a particular type, the
extension c ...)
{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
@@ -76329,20 +76231,17 @@ CVE-2022-22754
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22754
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22754
-CVE-2022-22753
- RESERVED
+CVE-2022-22753 (A Time-of-Check Time-of-Use bug existed in the Maintenance
(Updater) S ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22753
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22753
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22753
-CVE-2022-22752
- RESERVED
+CVE-2022-22752 (Mozilla developers Christian Holler and Jason Kratzer reported
memory ...)
- firefox 96.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752
-CVE-2022-22751
- RESERVED
+CVE-2022-22751 (Mozilla developers Calixte Denizet, Kershaw Chang, Christian
Holler, J ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76350,16 +76249,13 @@ CVE-2022-22751
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22751
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22751
-CVE-2022-22750
- RESERVED
+CVE-2022-22750 (By generally accepting and passing resource handles across
processes, ...)
- firefox <not-affected> (Only affects Windows and MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22750
-CVE-2022-22749
- RESERVED
+CVE-2022-22749 (When scanning QR codes, Firefox for Android would have allowed
navigat ...)
- firefox <not-affected> (Only affects Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749
-CVE-2022-22748
- RESERVED
+CVE-2022-22748 (Malicious websites could have confused Firefox into showing
the wrong ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76367,8 +76263,7 @@ CVE-2022-22748
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22748
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22748
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
-CVE-2022-22747
- RESERVED
+CVE-2022-22747 (After accepting an untrusted certificate, handling an empty
pkcs7 sequ ...)
{DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
- nss 2:3.73-1
- firefox 96.0-1
@@ -76379,16 +76274,14 @@ CVE-2022-22747
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22747
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1735028
NOTE:
https://hg.mozilla.org/projects/nss/rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0
-CVE-2022-22746
- RESERVED
+CVE-2022-22746 (A race condition could have allowed bypassing the fullscreen
notificat ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22746
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22746
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746
-CVE-2022-22745
- RESERVED
+CVE-2022-22745 (Securitypolicyviolation events could have leaked cross-origin
informat ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76396,16 +76289,14 @@ CVE-2022-22745
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22745
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22745
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22745
-CVE-2022-22744
- RESERVED
+CVE-2022-22744 (The constructed curl command from the "Copy as curl" feature
in DevToo ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22744
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22744
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744
-CVE-2022-22743
- RESERVED
+CVE-2022-22743 (When navigating from inside an iframe while requesting
fullscreen acce ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76413,8 +76304,7 @@ CVE-2022-22743
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22743
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22743
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743
-CVE-2022-22742
- RESERVED
+CVE-2022-22742 (When inserting text while in edit mode, some characters might
have lea ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76422,8 +76312,7 @@ CVE-2022-22742
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22742
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22742
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742
-CVE-2022-22741
- RESERVED
+CVE-2022-22741 (When resizing a popup while requesting fullscreen access, the
popup wo ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76431,8 +76320,7 @@ CVE-2022-22741
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22741
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22741
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741
-CVE-2022-22740
- RESERVED
+CVE-2022-22740 (Certain network request objects were freed too early when
releasing a ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76440,8 +76328,7 @@ CVE-2022-22740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740
-CVE-2022-22739
- RESERVED
+CVE-2022-22739 (Malicious websites could have tricked users into accepting
launching a ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76449,8 +76336,7 @@ CVE-2022-22739
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22739
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22739
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739
-CVE-2022-22738
- RESERVED
+CVE-2022-22738 (Applying a CSS filter effect could have accessed out of bounds
memory. ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76458,8 +76344,7 @@ CVE-2022-22738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22738
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738
-CVE-2022-22737
- RESERVED
+CVE-2022-22737 (Constructing audio sinks could have lead to a race condition
when play ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -76467,8 +76352,7 @@ CVE-2022-22737
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22737
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22737
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22737
-CVE-2022-22736
- RESERVED
+CVE-2022-22736 (If Firefox was installed to a world-writable directory, a
local privil ...)
- firefox <not-affected> (Only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22736
CVE-2022-22735 (The Simple Quotation WordPress plugin through 1.3.2 does not
have auth ...)
@@ -80915,8 +80799,7 @@ CVE-2021-4142 (The Candlepin component of Red Hat
Satellite was affected by an i
NOT-FOR-US: Red Hat Satellite / Candlepin
CVE-2021-4141
REJECTED
-CVE-2021-4140
- RESERVED
+CVE-2021-4140 (It was possible to construct specific XSLT markup that would be
able t ...)
{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -81411,14 +81294,13 @@ CVE-2021-4131 (livehelperchat is vulnerable to
Cross-Site Request Forgery (CSRF)
NOT-FOR-US: livehelperchat
CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- snipe-it <itp> (bug #1005172)
-CVE-2021-4129
- RESERVED
-CVE-2021-4128
- RESERVED
-CVE-2021-4127
- RESERVED
-CVE-2021-4126
- RESERVED
+CVE-2021-4129 (Mozilla developers and community members Julian Hector, Randell
Jesup, ...)
+ TODO: check
+CVE-2021-4128 (When transitioning in and out of fullscreen mode, a graphics
object wa ...)
+ TODO: check
+CVE-2021-4127 (An out of date graphics library (Angle) likely contained
vulnerabiliti ...)
+ TODO: check
+CVE-2021-4126 (When receiving an OpenPGP/MIME signed email message that
contains an a ...)
{DSA-5034-1 DLA-2874-1}
- thunderbird 1:91.4.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
@@ -189703,8 +189585,7 @@ CVE-2019-20907 (In Lib/tarfile.py in Python through
3.8.3, an attacker is able t
NOTE: https://github.com/python/cpython/pull/21454
CVE-2020-15686
RESERVED
-CVE-2020-15685
- RESERVED
+CVE-2020-15685 (During the plaintext phase of the STARTTLS connection setup,
protocol ...)
{DSA-4842-1 DLA-2541-1}
- thunderbird 1:78.7.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
@@ -189728,8 +189609,8 @@ CVE-2020-15681 (When multiple WASM threads had a
reference to a module, and were
CVE-2020-15680 (If a valid external protocol handler was referenced in an
image tag, t ...)
- firefox 82.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680
-CVE-2020-15679
- RESERVED
+CVE-2020-15679 (An OAuth session fixation vulnerability existed in the VPN
login flow, ...)
+ TODO: check
CVE-2020-15678 (When recursing through graphical layers while scrolling, an
iterator m ...)
{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
- firefox 81.0-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d0f7183e51dedf67469686a36dc613c40b3ae08
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d0f7183e51dedf67469686a36dc613c40b3ae08
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
