MozillaFirefox-branding-SLE (SUSE:OpenStack Cloud 9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 9 package MozillaFirefox-branding-SLE, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (69)
CVE-2022-34470 — CVSS 9.8 (critical): Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102…
CVE-2022-34485 — CVSS 9.8 (critical): Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of…
CVE-2022-34476 — CVSS 9.8 (critical): ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This…
CVE-2022-34483 — CVSS 8.8 (high): An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to…
CVE-2022-34484 — CVSS 8.8 (high): The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory…
CVE-2023-37201 — CVSS 8.8 (high): An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects…
CVE-2022-38478 — CVSS 8.8 (high): Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of…
CVE-2020-12426 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory…
CVE-2022-34480 — CVSS 8.8 (high): Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been…
CVE-2022-38477 — CVSS 8.8 (high): Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some…
CVE-2023-37212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2021-29980 — CVSS 8.8 (high): Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable…
CVE-2021-29981 — CVSS 8.8 (high): An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code…
CVE-2020-12420 — CVSS 8.8 (high): When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and…
CVE-2020-12417 — CVSS 8.8 (high): Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a…
CVE-2021-29984 — CVSS 8.8 (high): Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage…
CVE-2021-29985 — CVSS 8.8 (high): A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This…
CVE-2022-38473 — CVSS 8.8 (high): A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)…
CVE-2022-34481 — CVSS 8.8 (high): In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to…
CVE-2022-34482 — CVSS 8.8 (high): An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to…
CVE-2023-37211 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2021-38495 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and…
CVE-2022-2200 — CVSS 8.8 (high): If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading…
CVE-2022-2505 — CVSS 8.8 (high): Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of…
CVE-2022-34468 — CVSS 8.8 (high): An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability…
CVE-2023-37209 — CVSS 8.8 (high): A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that…
CVE-2023-37202 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2020-12416 — CVSS 8.8 (high): A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory…
CVE-2020-12419 — CVSS 8.8 (high): When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a…
CVE-2020-12422 — CVSS 8.8 (high): In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out…
CVE-2021-29988 — CVSS 8.8 (high): Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a…
CVE-2021-29989 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory…
CVE-2021-29990 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory…
CVE-2022-34469 — CVSS 8.1 (high): When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the…
CVE-2021-29991 — CVSS 8.1 (high): Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting…
CVE-2021-29986 — CVSS 8.1 (high): A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only…
CVE-2023-37208 — CVSS 7.8 (high): When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox <…
CVE-2023-37203 — CVSS 7.8 (high): Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users…
CVE-2020-12423 — CVSS 7.8 (high): When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%…
CVE-2022-34477 — CVSS 7.5 (high): The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site…
CVE-2022-36319 — CVSS 7.5 (high): When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This…
CVE-2022-38476 — CVSS 7.5 (high): A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this…
CVE-2021-38492 — CVSS 6.5 (medium): When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and…
CVE-2020-12415 — CVSS 6.5 (medium): When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a…
CVE-2020-12418 — CVSS 6.5 (medium): Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This…
CVE-2020-12421 — CVSS 6.5 (medium): When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by…
CVE-2020-12424 — CVSS 6.5 (medium): When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been…
CVE-2020-12425 — CVSS 6.5 (medium): Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential…
CVE-2021-29982 — CVSS 6.5 (medium): Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a…
CVE-2021-29983 — CVSS 6.5 (medium): Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note…
CVE-2021-29987 — CVSS 6.5 (medium): After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a…
CVE-2022-34471 — CVSS 6.5 (medium): When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the…
CVE-2022-34478 — CVSS 6.5 (medium): The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing…
CVE-2022-34479 — CVSS 6.5 (medium): A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in…
CVE-2022-38472 — CVSS 6.5 (medium): An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the…
CVE-2023-3482 — CVSS 6.5 (medium): When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a…
CVE-2023-37204 — CVSS 6.5 (medium): A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational…
CVE-2023-37205 — CVSS 6.5 (medium): The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
CVE-2023-37206 — CVSS 6.5 (medium): Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website…
CVE-2023-37207 — CVSS 6.5 (medium): A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto…
CVE-2023-37210 — CVSS 6.5 (medium): A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible…
CVE-2022-34475 — CVSS 6.1 (medium): SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was…
CVE-2022-34473 — CVSS 6.1 (medium): The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did…
CVE-2022-34474 — CVSS 6.1 (medium): Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an…
CVE-2022-36314 — CVSS 5.5 (medium): When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network…
CVE-2022-36318 — CVSS 5.3 (medium): When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox…
CVE-2020-6813 — CVSS 5.3 (medium): When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an…
CVE-2020-12402 — CVSS 4.4 (medium): During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly…
CVE-2022-34472 — CVSS 4.3 (medium): If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in…