Описание
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, spoof user interface.
Below is a complete list of vulnerabilities:
- Elevation of privilege vulnerability in Maintenance (Updater) Service on Windows can be exploited to gain privileges.
- Information disclosure vulnerability in cross-origin responses can be exploited to obtain sensitive information.
- Memory safety vulnerability can be exploited to execute arbitrary code.
- Remote code execution vulnerability in XSL Transforms can be exploited remotely via special crafted XLS document to execute arbitrary code.
- Security bypass vulnerability in extensions can be exploited to bypass security restrictions.
- Security bypass vulnerability in Web Extension’s Content Security Policy and frame-ancestors directive can be exploited to bypass security restrictions.
- Security bypass vulnerability in Remote Agent if WebDriver is enable can be exploited to bypass security restrictions.
- Security bypass vulnerability in tel: link on Android can be exploited to perform cross-site scripting attack.
- Code execution vulnerability in Drag&Drop can be exploited via special crafted image to execute arbitrary code.
- Security bypass vulnerability in iframe can be exploited via special crafted document to bypass security restrictions.
- Security UI vulnerability in JavaScript Dialogs on Android can be exploited to spoof user interface.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2022-22753 warning
- CVE-2022-22760 warning
- CVE-2022-22764 warning
- CVE-2022-0511 warning
- CVE-2022-22755 warning
- CVE-2022-22754 warning
- CVE-2022-22761 warning
- CVE-2022-22757 warning
- CVE-2022-22758 warning
- CVE-2022-22756 warning
- CVE-2022-22759 warning
- CVE-2022-22762 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!