An update for firefox is now available for openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1674 Final 1.0 1.0 2023-09-22 Initial 2023-09-22 2023-09-22 openEuler SA Tool V1.0 2023-09-22 firefox security update An update for firefox is now available for openEuler-22.03-LTS-SP1. Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fix(es): Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.(CVE-2020-15670) Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.(CVE-2020-15673) Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.(CVE-2020-15674) When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.(CVE-2020-15675) If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82.(CVE-2020-15680) When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.(CVE-2020-15681) When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.(CVE-2020-15682) Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.(CVE-2020-15683) Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.(CVE-2020-15684) Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.(CVE-2020-16012) Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.(CVE-2020-16044) In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.(CVE-2020-26950) (CVE-2020-26951) (CVE-2020-26953) (CVE-2020-26956) (CVE-2020-26958) (CVE-2020-26959) (CVE-2020-26960) (CVE-2020-26961) (CVE-2020-26962) (CVE-2020-26965) (CVE-2020-26968) (CVE-2020-26969) Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.(CVE-2020-26971) The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.(CVE-2020-26972) Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.(CVE-2020-26973) When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.(CVE-2020-26974) When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.(CVE-2020-26976) Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.(CVE-2020-26978) When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84.(CVE-2020-26979) When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.(CVE-2020-35111) Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.(CVE-2020-35113) Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84.(CVE-2020-35114) If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.(CVE-2021-23953) Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.(CVE-2021-23954) The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.(CVE-2021-23955) An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.(CVE-2021-23956) The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.(CVE-2021-23958) Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.(CVE-2021-23960) Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.(CVE-2021-23961) Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.(CVE-2021-23962) When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.(CVE-2021-23963) Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.(CVE-2021-23964) Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.(CVE-2021-23965) If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.(CVE-2021-23968) As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.(CVE-2021-23969) Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.(CVE-2021-23970) When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.(CVE-2021-23971) One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.(CVE-2021-23972) When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.(CVE-2021-23973) The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.(CVE-2021-23974) The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.(CVE-2021-23975) Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.(CVE-2021-23978) Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.(CVE-2021-23979) A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.(CVE-2021-23981) Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.(CVE-2021-23982) By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.(CVE-2021-23983) A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.(CVE-2021-23984) If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87.(CVE-2021-23985) A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.(CVE-2021-23986) Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.(CVE-2021-23987) Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.(CVE-2021-23988) A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-23994) When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-23995) By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88.(CVE-2021-23996) Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.(CVE-2021-23997) Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-23998) If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-23999) A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as &lt;input type="file"&gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.(CVE-2021-24000) A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88.(CVE-2021-24001) When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-24002) Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 88.(CVE-2021-29944) The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-29945) Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.(CVE-2021-29946) Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.(CVE-2021-29947) When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.(CVE-2021-29952) A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.(CVE-2021-29953) A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.(CVE-2021-29955) When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.(CVE-2021-29959) Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.(CVE-2021-29960) When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.(CVE-2021-29961) A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.(CVE-2021-29965) Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.(CVE-2021-29966) Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.(CVE-2021-29967) A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.(CVE-2021-29970) A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.(CVE-2021-29972) When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.(CVE-2021-29974) Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.(CVE-2021-29975) Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.(CVE-2021-29976) Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90.(CVE-2021-29977) Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29980) An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.(CVE-2021-29981) Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.(CVE-2021-29982) Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29984) A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29985) A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29986) After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91.(CVE-2021-29987) Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29988) Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.(CVE-2021-29989) Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.(CVE-2021-29990) Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.(CVE-2021-29991) Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.(CVE-2021-30547) crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.(CVE-2021-32810) Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.(CVE-2021-38491) Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.(CVE-2021-38493) Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.(CVE-2021-38494) During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.(CVE-2021-38496) Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.(CVE-2021-38497) During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.(CVE-2021-38498) Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93.(CVE-2021-38499) Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.(CVE-2021-38500) Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.(CVE-2021-38501) The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-38503) When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-38504) Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-38506) The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-38507) By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-38508) Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-38509) The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-38510) It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2021-4140) When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox < 94.(CVE-2021-43531) The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94.(CVE-2021-43532) When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.(CVE-2021-43533) Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-43534) A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.(CVE-2021-43535) Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43536) An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43537) By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43538) Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43539) WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95.(CVE-2021-43540) When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43541) Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43542) Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43543) Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43545) It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.(CVE-2021-43546) Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97.(CVE-2022-0511) Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.(CVE-2022-0843) <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.(CVE-2022-1097) After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.(CVE-2022-1196) An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.(CVE-2022-1529) If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.(CVE-2022-1802) Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2022-1919) If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-2200) Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22737) Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22738) Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22739) Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22740) When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22741) When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22742) When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22743) Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22745) After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22747) Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.(CVE-2022-22748) If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.(CVE-2022-22754) By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.(CVE-2022-22755) If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.(CVE-2022-22756) Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97.(CVE-2022-22757) If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.(CVE-2022-22759) When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.(CVE-2022-22760) Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.(CVE-2022-22761) When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.(CVE-2022-22763) regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.(CVE-2022-24713) An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.(CVE-2022-26381) While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.(CVE-2022-26382) When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.(CVE-2022-26383) If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.(CVE-2022-26384) In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.(CVE-2022-26385) Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7.(CVE-2022-26386) When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.(CVE-2022-26387) Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.(CVE-2022-26485) An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.(CVE-2022-26486) If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.(CVE-2022-28281) By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.(CVE-2022-28282) The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.(CVE-2022-28283) SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99.(CVE-2022-28284) When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.(CVE-2022-28285) Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.(CVE-2022-28286) In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99.(CVE-2022-28287) Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.(CVE-2022-28289) Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.(CVE-2022-29909) An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.(CVE-2022-29911) Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.(CVE-2022-29912) When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.(CVE-2022-29914) The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.(CVE-2022-29915) Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.(CVE-2022-29916) Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100.(CVE-2022-29918) A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.(CVE-2022-31736) A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.(CVE-2022-31737) When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.(CVE-2022-31738) On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.(CVE-2022-31740) A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.(CVE-2022-31741) An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.(CVE-2022-31742) Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101.(CVE-2022-31743) An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.(CVE-2022-31744) If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.(CVE-2022-31745) Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101.(CVE-2022-31748) An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.(CVE-2022-3266) An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34468) When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102.(CVE-2022-34469) Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34470) When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102.(CVE-2022-34471) If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34472) The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code>&lt;use&gt;</code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. This vulnerability affects Firefox < 102.(CVE-2022-34473) Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.(CVE-2022-34474) SVG <code>&lt;use&gt;</code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102.(CVE-2022-34475) ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102.(CVE-2022-34476) The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.(CVE-2022-34477) A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34479) Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.(CVE-2022-34480) In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34481) An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102.(CVE-2022-34482) An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102.(CVE-2022-34483) The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.(CVE-2022-34484) Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102.(CVE-2022-34485) When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.(CVE-2022-36318) When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.(CVE-2022-36319) An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.(CVE-2022-38472) A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.(CVE-2022-38473) Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.(CVE-2022-38477) Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.(CVE-2022-38478) When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.(CVE-2022-40956) Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.(CVE-2022-40957) By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.(CVE-2022-40958) During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.(CVE-2022-40959) Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.(CVE-2022-40960) Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.(CVE-2022-40962) Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.(CVE-2022-42928) Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45408) The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45409) When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45410) Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on <code>fetch()</code> and XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-Override</code> that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45411) When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45412) Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45416) If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45418) Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45420) Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45421) An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.(CVE-2022-46871) A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.(CVE-2022-46874) The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.(CVE-2022-46875) Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.(CVE-2022-46878) A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.(CVE-2022-46882) An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-0767) Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.(CVE-2023-1945) Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23598) When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23599) Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23601) A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23602) Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.(CVE-2023-23603) The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25728) Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25729) A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25730) When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25732) Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25735) An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25737) Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25739) When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.(CVE-2023-25742) Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.(CVE-2023-25751) When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.(CVE-2023-25752) While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.(CVE-2023-28162) Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.(CVE-2023-28164) Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.(CVE-2023-28176) A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.(CVE-2023-29533) Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.(CVE-2023-29535) An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.(CVE-2023-29536) When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.(CVE-2023-29539) Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.(CVE-2023-29541) A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.(CVE-2023-29548) Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.(CVE-2023-29550) In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.(CVE-2023-32205) An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.(CVE-2023-32206) A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.(CVE-2023-32207) A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.(CVE-2023-32211) An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.(CVE-2023-32212) When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.(CVE-2023-32213) Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.(CVE-2023-32215) An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.(CVE-2023-37201) Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.(CVE-2023-37202) A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.(CVE-2023-37207) When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.(CVE-2023-37208) Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.(CVE-2023-37211) Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4045) In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4046) A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4047) An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4048) Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4049) In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4050) When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.(CVE-2023-4054) When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4055) Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.(CVE-2023-4056) An update for firefox is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical firefox https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15670 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15673 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15674 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15675 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15680 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15681 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15682 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15683 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15684 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-16012 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-16044 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26950 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26951 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26953 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26956 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26958 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26959 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26960 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26961 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26962 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26965 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26968 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26969 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26971 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26972 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26973 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26974 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26976 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26978 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-26979 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-35111 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-35113 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-35114 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23953 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23954 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23955 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23956 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23958 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23960 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23961 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23962 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23963 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23964 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23965 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23968 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23969 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23970 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23971 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23972 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23973 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23974 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23975 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23978 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23979 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23981 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23982 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23983 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23984 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23985 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23986 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23987 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23988 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23994 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23995 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23996 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23997 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23998 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23999 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-24000 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-24001 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-24002 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29944 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29945 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29946 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29947 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29952 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29953 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29955 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29959 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29960 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29961 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29965 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29966 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29967 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29970 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29972 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29974 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29975 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29976 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29977 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29980 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29981 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29982 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29984 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29985 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29986 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29987 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29988 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29989 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29990 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-29991 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-30547 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-32810 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38491 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38493 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38494 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38496 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38497 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38498 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38499 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38500 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38501 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38503 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38504 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38506 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38507 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38508 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38509 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-38510 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4140 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43531 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43532 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43533 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43534 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43535 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43536 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43537 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43538 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43539 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43540 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43541 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43542 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43543 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43545 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43546 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0511 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0843 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1097 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1196 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1529 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1802 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1919 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2200 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22737 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22738 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22739 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22740 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22741 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22742 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22743 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22745 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22747 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22748 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22754 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22755 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22756 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22757 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22759 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22760 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22761 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22763 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24713 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26381 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26382 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26383 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26384 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26385 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26386 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26387 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26485 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26486 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28281 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28282 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28283 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28284 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28285 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28286 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28287 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-28289 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29909 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29911 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29912 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29914 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29915 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29916 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29918 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31736 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31737 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31738 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31740 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31741 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31742 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31743 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31744 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31745 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31748 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3266 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34468 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34469 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34470 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34471 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34472 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34473 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34474 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34475 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34476 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34477 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34479 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34480 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34481 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34482 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34483 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34484 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-34485 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-36318 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-36319 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-38472 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-38473 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-38477 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-38478 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40956 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40957 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40958 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40959 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40960 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40962 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42928 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45408 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45409 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45410 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45411 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45412 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45416 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45418 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45420 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45421 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-46871 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-46874 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-46875 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-46878 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-46882 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0767 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1945 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23598 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23599 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23601 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23602 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23603 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25728 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25729 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25730 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25732 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25735 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25737 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25739 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25742 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25751 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-25752 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28162 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28164 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28176 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29533 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29535 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29536 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29539 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29541 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29548 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29550 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32205 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32206 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32207 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32211 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32212 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32213 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32215 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-37201 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-37202 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-37207 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-37208 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-37211 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4045 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4046 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4047 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4048 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4049 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4050 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4054 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4055 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4056 https://nvd.nist.gov/vuln/detail/CVE-2020-15670 https://nvd.nist.gov/vuln/detail/CVE-2020-15673 https://nvd.nist.gov/vuln/detail/CVE-2020-15674 https://nvd.nist.gov/vuln/detail/CVE-2020-15675 https://nvd.nist.gov/vuln/detail/CVE-2020-15680 https://nvd.nist.gov/vuln/detail/CVE-2020-15681 https://nvd.nist.gov/vuln/detail/CVE-2020-15682 https://nvd.nist.gov/vuln/detail/CVE-2020-15683 https://nvd.nist.gov/vuln/detail/CVE-2020-15684 https://nvd.nist.gov/vuln/detail/CVE-2020-16012 https://nvd.nist.gov/vuln/detail/CVE-2020-16044 https://nvd.nist.gov/vuln/detail/CVE-2020-26950 https://nvd.nist.gov/vuln/detail/CVE-2020-26951 https://nvd.nist.gov/vuln/detail/CVE-2020-26953 https://nvd.nist.gov/vuln/detail/CVE-2020-26956 https://nvd.nist.gov/vuln/detail/CVE-2020-26958 https://nvd.nist.gov/vuln/detail/CVE-2020-26959 https://nvd.nist.gov/vuln/detail/CVE-2020-26960 https://nvd.nist.gov/vuln/detail/CVE-2020-26961 https://nvd.nist.gov/vuln/detail/CVE-2020-26962 https://nvd.nist.gov/vuln/detail/CVE-2020-26965 https://nvd.nist.gov/vuln/detail/CVE-2020-26968 https://nvd.nist.gov/vuln/detail/CVE-2020-26969 https://nvd.nist.gov/vuln/detail/CVE-2020-26971 https://nvd.nist.gov/vuln/detail/CVE-2020-26972 https://nvd.nist.gov/vuln/detail/CVE-2020-26973 https://nvd.nist.gov/vuln/detail/CVE-2020-26974 https://nvd.nist.gov/vuln/detail/CVE-2020-26976 https://nvd.nist.gov/vuln/detail/CVE-2020-26978 https://nvd.nist.gov/vuln/detail/CVE-2020-26979 https://nvd.nist.gov/vuln/detail/CVE-2020-35111 https://nvd.nist.gov/vuln/detail/CVE-2020-35113 https://nvd.nist.gov/vuln/detail/CVE-2020-35114 https://nvd.nist.gov/vuln/detail/CVE-2021-23953 https://nvd.nist.gov/vuln/detail/CVE-2021-23954 https://nvd.nist.gov/vuln/detail/CVE-2021-23955 https://nvd.nist.gov/vuln/detail/CVE-2021-23956 https://nvd.nist.gov/vuln/detail/CVE-2021-23958 https://nvd.nist.gov/vuln/detail/CVE-2021-23960 https://nvd.nist.gov/vuln/detail/CVE-2021-23961 https://nvd.nist.gov/vuln/detail/CVE-2021-23962 https://nvd.nist.gov/vuln/detail/CVE-2021-23963 https://nvd.nist.gov/vuln/detail/CVE-2021-23964 https://nvd.nist.gov/vuln/detail/CVE-2021-23965 https://nvd.nist.gov/vuln/detail/CVE-2021-23968 https://nvd.nist.gov/vuln/detail/CVE-2021-23969 https://nvd.nist.gov/vuln/detail/CVE-2021-23970 https://nvd.nist.gov/vuln/detail/CVE-2021-23971 https://nvd.nist.gov/vuln/detail/CVE-2021-23972 https://nvd.nist.gov/vuln/detail/CVE-2021-23973 https://nvd.nist.gov/vuln/detail/CVE-2021-23974 https://nvd.nist.gov/vuln/detail/CVE-2021-23975 https://nvd.nist.gov/vuln/detail/CVE-2021-23978 https://nvd.nist.gov/vuln/detail/CVE-2021-23979 https://nvd.nist.gov/vuln/detail/CVE-2021-23981 https://nvd.nist.gov/vuln/detail/CVE-2021-23982 https://nvd.nist.gov/vuln/detail/CVE-2021-23983 https://nvd.nist.gov/vuln/detail/CVE-2021-23984 https://nvd.nist.gov/vuln/detail/CVE-2021-23985 https://nvd.nist.gov/vuln/detail/CVE-2021-23986 https://nvd.nist.gov/vuln/detail/CVE-2021-23987 https://nvd.nist.gov/vuln/detail/CVE-2021-23988 https://nvd.nist.gov/vuln/detail/CVE-2021-23994 https://nvd.nist.gov/vuln/detail/CVE-2021-23995 https://nvd.nist.gov/vuln/detail/CVE-2021-23996 https://nvd.nist.gov/vuln/detail/CVE-2021-23997 https://nvd.nist.gov/vuln/detail/CVE-2021-23998 https://nvd.nist.gov/vuln/detail/CVE-2021-23999 https://nvd.nist.gov/vuln/detail/CVE-2021-24000 https://nvd.nist.gov/vuln/detail/CVE-2021-24001 https://nvd.nist.gov/vuln/detail/CVE-2021-24002 https://nvd.nist.gov/vuln/detail/CVE-2021-29944 https://nvd.nist.gov/vuln/detail/CVE-2021-29945 https://nvd.nist.gov/vuln/detail/CVE-2021-29946 https://nvd.nist.gov/vuln/detail/CVE-2021-29947 https://nvd.nist.gov/vuln/detail/CVE-2021-29952 https://nvd.nist.gov/vuln/detail/CVE-2021-29953 https://nvd.nist.gov/vuln/detail/CVE-2021-29955 https://nvd.nist.gov/vuln/detail/CVE-2021-29959 https://nvd.nist.gov/vuln/detail/CVE-2021-29960 https://nvd.nist.gov/vuln/detail/CVE-2021-29961 https://nvd.nist.gov/vuln/detail/CVE-2021-29965 https://nvd.nist.gov/vuln/detail/CVE-2021-29966 https://nvd.nist.gov/vuln/detail/CVE-2021-29967 https://nvd.nist.gov/vuln/detail/CVE-2021-29970 https://nvd.nist.gov/vuln/detail/CVE-2021-29972 https://nvd.nist.gov/vuln/detail/CVE-2021-29974 https://nvd.nist.gov/vuln/detail/CVE-2021-29975 https://nvd.nist.gov/vuln/detail/CVE-2021-29976 https://nvd.nist.gov/vuln/detail/CVE-2021-29977 https://nvd.nist.gov/vuln/detail/CVE-2021-29980 https://nvd.nist.gov/vuln/detail/CVE-2021-29981 https://nvd.nist.gov/vuln/detail/CVE-2021-29982 https://nvd.nist.gov/vuln/detail/CVE-2021-29984 https://nvd.nist.gov/vuln/detail/CVE-2021-29985 https://nvd.nist.gov/vuln/detail/CVE-2021-29986 https://nvd.nist.gov/vuln/detail/CVE-2021-29987 https://nvd.nist.gov/vuln/detail/CVE-2021-29988 https://nvd.nist.gov/vuln/detail/CVE-2021-29989 https://nvd.nist.gov/vuln/detail/CVE-2021-29990 https://nvd.nist.gov/vuln/detail/CVE-2021-29991 https://nvd.nist.gov/vuln/detail/CVE-2021-30547 https://nvd.nist.gov/vuln/detail/CVE-2021-32810 https://nvd.nist.gov/vuln/detail/CVE-2021-38491 https://nvd.nist.gov/vuln/detail/CVE-2021-38493 https://nvd.nist.gov/vuln/detail/CVE-2021-38494 https://nvd.nist.gov/vuln/detail/CVE-2021-38496 https://nvd.nist.gov/vuln/detail/CVE-2021-38497 https://nvd.nist.gov/vuln/detail/CVE-2021-38498 https://nvd.nist.gov/vuln/detail/CVE-2021-38499 https://nvd.nist.gov/vuln/detail/CVE-2021-38500 https://nvd.nist.gov/vuln/detail/CVE-2021-38501 https://nvd.nist.gov/vuln/detail/CVE-2021-38503 https://nvd.nist.gov/vuln/detail/CVE-2021-38504 https://nvd.nist.gov/vuln/detail/CVE-2021-38506 https://nvd.nist.gov/vuln/detail/CVE-2021-38507 https://nvd.nist.gov/vuln/detail/CVE-2021-38508 https://nvd.nist.gov/vuln/detail/CVE-2021-38509 https://nvd.nist.gov/vuln/detail/CVE-2021-38510 https://nvd.nist.gov/vuln/detail/CVE-2021-4140 https://nvd.nist.gov/vuln/detail/CVE-2021-43531 https://nvd.nist.gov/vuln/detail/CVE-2021-43532 https://nvd.nist.gov/vuln/detail/CVE-2021-43533 https://nvd.nist.gov/vuln/detail/CVE-2021-43534 https://nvd.nist.gov/vuln/detail/CVE-2021-43535 https://nvd.nist.gov/vuln/detail/CVE-2021-43536 https://nvd.nist.gov/vuln/detail/CVE-2021-43537 https://nvd.nist.gov/vuln/detail/CVE-2021-43538 https://nvd.nist.gov/vuln/detail/CVE-2021-43539 https://nvd.nist.gov/vuln/detail/CVE-2021-43540 https://nvd.nist.gov/vuln/detail/CVE-2021-43541 https://nvd.nist.gov/vuln/detail/CVE-2021-43542 https://nvd.nist.gov/vuln/detail/CVE-2021-43543 https://nvd.nist.gov/vuln/detail/CVE-2021-43545 https://nvd.nist.gov/vuln/detail/CVE-2021-43546 https://nvd.nist.gov/vuln/detail/CVE-2022-0511 https://nvd.nist.gov/vuln/detail/CVE-2022-0843 https://nvd.nist.gov/vuln/detail/CVE-2022-1097 https://nvd.nist.gov/vuln/detail/CVE-2022-1196 https://nvd.nist.gov/vuln/detail/CVE-2022-1529 https://nvd.nist.gov/vuln/detail/CVE-2022-1802 https://nvd.nist.gov/vuln/detail/CVE-2022-1919 https://nvd.nist.gov/vuln/detail/CVE-2022-2200 https://nvd.nist.gov/vuln/detail/CVE-2022-22737 https://nvd.nist.gov/vuln/detail/CVE-2022-22738 https://nvd.nist.gov/vuln/detail/CVE-2022-22739 https://nvd.nist.gov/vuln/detail/CVE-2022-22740 https://nvd.nist.gov/vuln/detail/CVE-2022-22741 https://nvd.nist.gov/vuln/detail/CVE-2022-22742 https://nvd.nist.gov/vuln/detail/CVE-2022-22743 https://nvd.nist.gov/vuln/detail/CVE-2022-22745 https://nvd.nist.gov/vuln/detail/CVE-2022-22747 https://nvd.nist.gov/vuln/detail/CVE-2022-22748 https://nvd.nist.gov/vuln/detail/CVE-2022-22754 https://nvd.nist.gov/vuln/detail/CVE-2022-22755 https://nvd.nist.gov/vuln/detail/CVE-2022-22756 https://nvd.nist.gov/vuln/detail/CVE-2022-22757 https://nvd.nist.gov/vuln/detail/CVE-2022-22759 https://nvd.nist.gov/vuln/detail/CVE-2022-22760 https://nvd.nist.gov/vuln/detail/CVE-2022-22761 https://nvd.nist.gov/vuln/detail/CVE-2022-22763 https://nvd.nist.gov/vuln/detail/CVE-2022-24713 https://nvd.nist.gov/vuln/detail/CVE-2022-26381 https://nvd.nist.gov/vuln/detail/CVE-2022-26382 https://nvd.nist.gov/vuln/detail/CVE-2022-26383 https://nvd.nist.gov/vuln/detail/CVE-2022-26384 https://nvd.nist.gov/vuln/detail/CVE-2022-26385 https://nvd.nist.gov/vuln/detail/CVE-2022-26386 https://nvd.nist.gov/vuln/detail/CVE-2022-26387 https://nvd.nist.gov/vuln/detail/CVE-2022-26485 https://nvd.nist.gov/vuln/detail/CVE-2022-26486 https://nvd.nist.gov/vuln/detail/CVE-2022-28281 https://nvd.nist.gov/vuln/detail/CVE-2022-28282 https://nvd.nist.gov/vuln/detail/CVE-2022-28283 https://nvd.nist.gov/vuln/detail/CVE-2022-28284 https://nvd.nist.gov/vuln/detail/CVE-2022-28285 https://nvd.nist.gov/vuln/detail/CVE-2022-28286 https://nvd.nist.gov/vuln/detail/CVE-2022-28287 https://nvd.nist.gov/vuln/detail/CVE-2022-28289 https://nvd.nist.gov/vuln/detail/CVE-2022-29909 https://nvd.nist.gov/vuln/detail/CVE-2022-29911 https://nvd.nist.gov/vuln/detail/CVE-2022-29912 https://nvd.nist.gov/vuln/detail/CVE-2022-29914 https://nvd.nist.gov/vuln/detail/CVE-2022-29915 https://nvd.nist.gov/vuln/detail/CVE-2022-29916 https://nvd.nist.gov/vuln/detail/CVE-2022-29918 https://nvd.nist.gov/vuln/detail/CVE-2022-31736 https://nvd.nist.gov/vuln/detail/CVE-2022-31737 https://nvd.nist.gov/vuln/detail/CVE-2022-31738 https://nvd.nist.gov/vuln/detail/CVE-2022-31740 https://nvd.nist.gov/vuln/detail/CVE-2022-31741 https://nvd.nist.gov/vuln/detail/CVE-2022-31742 https://nvd.nist.gov/vuln/detail/CVE-2022-31743 https://nvd.nist.gov/vuln/detail/CVE-2022-31744 https://nvd.nist.gov/vuln/detail/CVE-2022-31745 https://nvd.nist.gov/vuln/detail/CVE-2022-31748 https://nvd.nist.gov/vuln/detail/CVE-2022-3266 https://nvd.nist.gov/vuln/detail/CVE-2022-34468 https://nvd.nist.gov/vuln/detail/CVE-2022-34469 https://nvd.nist.gov/vuln/detail/CVE-2022-34470 https://nvd.nist.gov/vuln/detail/CVE-2022-34471 https://nvd.nist.gov/vuln/detail/CVE-2022-34472 https://nvd.nist.gov/vuln/detail/CVE-2022-34473 https://nvd.nist.gov/vuln/detail/CVE-2022-34474 https://nvd.nist.gov/vuln/detail/CVE-2022-34475 https://nvd.nist.gov/vuln/detail/CVE-2022-34476 https://nvd.nist.gov/vuln/detail/CVE-2022-34477 https://nvd.nist.gov/vuln/detail/CVE-2022-34479 https://nvd.nist.gov/vuln/detail/CVE-2022-34480 https://nvd.nist.gov/vuln/detail/CVE-2022-34481 https://nvd.nist.gov/vuln/detail/CVE-2022-34482 https://nvd.nist.gov/vuln/detail/CVE-2022-34483 https://nvd.nist.gov/vuln/detail/CVE-2022-34484 https://nvd.nist.gov/vuln/detail/CVE-2022-34485 https://nvd.nist.gov/vuln/detail/CVE-2022-36318 https://nvd.nist.gov/vuln/detail/CVE-2022-36319 https://nvd.nist.gov/vuln/detail/CVE-2022-38472 https://nvd.nist.gov/vuln/detail/CVE-2022-38473 https://nvd.nist.gov/vuln/detail/CVE-2022-38477 https://nvd.nist.gov/vuln/detail/CVE-2022-38478 https://nvd.nist.gov/vuln/detail/CVE-2022-40956 https://nvd.nist.gov/vuln/detail/CVE-2022-40957 https://nvd.nist.gov/vuln/detail/CVE-2022-40958 https://nvd.nist.gov/vuln/detail/CVE-2022-40959 https://nvd.nist.gov/vuln/detail/CVE-2022-40960 https://nvd.nist.gov/vuln/detail/CVE-2022-40962 https://nvd.nist.gov/vuln/detail/CVE-2022-42928 https://nvd.nist.gov/vuln/detail/CVE-2022-45408 https://nvd.nist.gov/vuln/detail/CVE-2022-45409 https://nvd.nist.gov/vuln/detail/CVE-2022-45410 https://nvd.nist.gov/vuln/detail/CVE-2022-45411 https://nvd.nist.gov/vuln/detail/CVE-2022-45412 https://nvd.nist.gov/vuln/detail/CVE-2022-45416 https://nvd.nist.gov/vuln/detail/CVE-2022-45418 https://nvd.nist.gov/vuln/detail/CVE-2022-45420 https://nvd.nist.gov/vuln/detail/CVE-2022-45421 https://nvd.nist.gov/vuln/detail/CVE-2022-46871 https://nvd.nist.gov/vuln/detail/CVE-2022-46874 https://nvd.nist.gov/vuln/detail/CVE-2022-46875 https://nvd.nist.gov/vuln/detail/CVE-2022-46878 https://nvd.nist.gov/vuln/detail/CVE-2022-46882 https://nvd.nist.gov/vuln/detail/CVE-2023-0767 https://nvd.nist.gov/vuln/detail/CVE-2023-1945 https://nvd.nist.gov/vuln/detail/CVE-2023-23598 https://nvd.nist.gov/vuln/detail/CVE-2023-23599 https://nvd.nist.gov/vuln/detail/CVE-2023-23601 https://nvd.nist.gov/vuln/detail/CVE-2023-23602 https://nvd.nist.gov/vuln/detail/CVE-2023-23603 https://nvd.nist.gov/vuln/detail/CVE-2023-25728 https://nvd.nist.gov/vuln/detail/CVE-2023-25729 https://nvd.nist.gov/vuln/detail/CVE-2023-25730 https://nvd.nist.gov/vuln/detail/CVE-2023-25732 https://nvd.nist.gov/vuln/detail/CVE-2023-25735 https://nvd.nist.gov/vuln/detail/CVE-2023-25737 https://nvd.nist.gov/vuln/detail/CVE-2023-25739 https://nvd.nist.gov/vuln/detail/CVE-2023-25742 https://nvd.nist.gov/vuln/detail/CVE-2023-25751 https://nvd.nist.gov/vuln/detail/CVE-2023-25752 https://nvd.nist.gov/vuln/detail/CVE-2023-28162 https://nvd.nist.gov/vuln/detail/CVE-2023-28164 https://nvd.nist.gov/vuln/detail/CVE-2023-28176 https://nvd.nist.gov/vuln/detail/CVE-2023-29533 https://nvd.nist.gov/vuln/detail/CVE-2023-29535 https://nvd.nist.gov/vuln/detail/CVE-2023-29536 https://nvd.nist.gov/vuln/detail/CVE-2023-29539 https://nvd.nist.gov/vuln/detail/CVE-2023-29541 https://nvd.nist.gov/vuln/detail/CVE-2023-29548 https://nvd.nist.gov/vuln/detail/CVE-2023-29550 https://nvd.nist.gov/vuln/detail/CVE-2023-32205 https://nvd.nist.gov/vuln/detail/CVE-2023-32206 https://nvd.nist.gov/vuln/detail/CVE-2023-32207 https://nvd.nist.gov/vuln/detail/CVE-2023-32211 https://nvd.nist.gov/vuln/detail/CVE-2023-32212 https://nvd.nist.gov/vuln/detail/CVE-2023-32213 https://nvd.nist.gov/vuln/detail/CVE-2023-32215 https://nvd.nist.gov/vuln/detail/CVE-2023-37201 https://nvd.nist.gov/vuln/detail/CVE-2023-37202 https://nvd.nist.gov/vuln/detail/CVE-2023-37207 https://nvd.nist.gov/vuln/detail/CVE-2023-37208 https://nvd.nist.gov/vuln/detail/CVE-2023-37211 https://nvd.nist.gov/vuln/detail/CVE-2023-4045 https://nvd.nist.gov/vuln/detail/CVE-2023-4046 https://nvd.nist.gov/vuln/detail/CVE-2023-4047 https://nvd.nist.gov/vuln/detail/CVE-2023-4048 https://nvd.nist.gov/vuln/detail/CVE-2023-4049 https://nvd.nist.gov/vuln/detail/CVE-2023-4050 https://nvd.nist.gov/vuln/detail/CVE-2023-4054 https://nvd.nist.gov/vuln/detail/CVE-2023-4055 https://nvd.nist.gov/vuln/detail/CVE-2023-4056 openEuler-22.03-LTS-SP1 firefox-102.14.0-1.oe2203sp1.aarch64.rpm firefox-debugsource-102.14.0-1.oe2203sp1.aarch64.rpm firefox-debuginfo-102.14.0-1.oe2203sp1.aarch64.rpm firefox-102.14.0-1.oe2203sp1.src.rpm firefox-102.14.0-1.oe2203sp1.x86_64.rpm firefox-debugsource-102.14.0-1.oe2203sp1.x86_64.rpm firefox-debuginfo-102.14.0-1.oe2203sp1.x86_64.rpm Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. 2023-09-22 CVE-2020-15670 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. 2023-09-22 CVE-2020-15673 openEuler-22.03-LTS-SP1 High 8.8 firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. 2023-09-22 CVE-2020-15674 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. 2023-09-22 CVE-2020-15675 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. 2023-09-22 CVE-2020-15680 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. 2023-09-22 CVE-2020-15681 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. 2023-09-22 CVE-2020-15682 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. 2023-09-22 CVE-2020-15683 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. 2023-09-22 CVE-2020-15684 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2023-09-22 CVE-2020-16012 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. 2023-09-22 CVE-2020-16044 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. 2023-09-22 CVE-2020-26950 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26951 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26953 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26956 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26958 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26959 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26960 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26961 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83. 2023-09-22 CVE-2020-26962 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26965 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. 2023-09-22 CVE-2020-26968 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83. 2023-09-22 CVE-2020-26969 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. 2023-09-22 CVE-2020-26971 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84. 2023-09-22 CVE-2020-26972 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. 2023-09-22 CVE-2020-26973 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. 2023-09-22 CVE-2020-26974 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. 2023-09-22 CVE-2020-26976 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. 2023-09-22 CVE-2020-26978 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84. 2023-09-22 CVE-2020-26979 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. 2023-09-22 CVE-2020-35111 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. 2023-09-22 CVE-2020-35113 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84. 2023-09-22 CVE-2020-35114 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2023-09-22 CVE-2021-23953 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2023-09-22 CVE-2021-23954 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. 2023-09-22 CVE-2021-23955 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. 2023-09-22 CVE-2021-23956 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. 2023-09-22 CVE-2021-23958 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2023-09-22 CVE-2021-23960 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. 2023-09-22 CVE-2021-23961 openEuler-22.03-LTS-SP1 High 7.4 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. 2023-09-22 CVE-2021-23962 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. 2023-09-22 CVE-2021-23963 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2023-09-22 CVE-2021-23964 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. 2023-09-22 CVE-2021-23965 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2023-09-22 CVE-2021-23968 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2023-09-22 CVE-2021-23969 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. 2023-09-22 CVE-2021-23970 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. 2023-09-22 CVE-2021-23971 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. 2023-09-22 CVE-2021-23972 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2023-09-22 CVE-2021-23973 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. 2023-09-22 CVE-2021-23974 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. 2023-09-22 CVE-2021-23975 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2023-09-22 CVE-2021-23978 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. 2023-09-22 CVE-2021-23979 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. 2023-09-22 CVE-2021-23981 openEuler-22.03-LTS-SP1 High 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. 2023-09-22 CVE-2021-23982 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87. 2023-09-22 CVE-2021-23983 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. 2023-09-22 CVE-2021-23984 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. 2023-09-22 CVE-2021-23985 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87. 2023-09-22 CVE-2021-23986 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. 2023-09-22 CVE-2021-23987 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87. 2023-09-22 CVE-2021-23988 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2023-09-22 CVE-2021-23994 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2023-09-22 CVE-2021-23995 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. 2023-09-22 CVE-2021-23996 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. 2023-09-22 CVE-2021-23997 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2023-09-22 CVE-2021-23998 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2023-09-22 CVE-2021-23999 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as &lt;input type="file"&gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. 2023-09-22 CVE-2021-24000 openEuler-22.03-LTS-SP1 Low 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. 2023-09-22 CVE-2021-24001 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2023-09-22 CVE-2021-24002 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 88. 2023-09-22 CVE-2021-29944 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2023-09-22 CVE-2021-29945 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2023-09-22 CVE-2021-29946 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. 2023-09-22 CVE-2021-29947 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. 2023-09-22 CVE-2021-29952 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. 2023-09-22 CVE-2021-29953 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. 2023-09-22 CVE-2021-29955 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. 2023-09-22 CVE-2021-29959 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. 2023-09-22 CVE-2021-29960 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. 2023-09-22 CVE-2021-29961 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. 2023-09-22 CVE-2021-29965 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. 2023-09-22 CVE-2021-29966 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. 2023-09-22 CVE-2021-29967 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. 2023-09-22 CVE-2021-29970 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90. 2023-09-22 CVE-2021-29972 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90. 2023-09-22 CVE-2021-29974 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90. 2023-09-22 CVE-2021-29975 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. 2023-09-22 CVE-2021-29976 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90. 2023-09-22 CVE-2021-29977 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. 2023-09-22 CVE-2021-29980 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. 2023-09-22 CVE-2021-29981 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. 2023-09-22 CVE-2021-29982 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. 2023-09-22 CVE-2021-29984 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. 2023-09-22 CVE-2021-29985 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. 2023-09-22 CVE-2021-29986 openEuler-22.03-LTS-SP1 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. 2023-09-22 CVE-2021-29987 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. 2023-09-22 CVE-2021-29988 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. 2023-09-22 CVE-2021-29989 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. 2023-09-22 CVE-2021-29990 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. 2023-09-22 CVE-2021-29991 openEuler-22.03-LTS-SP1 High 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2023-09-22 CVE-2021-30547 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. 2023-09-22 CVE-2021-32810 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. 2023-09-22 CVE-2021-38491 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. 2023-09-22 CVE-2021-38493 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92. 2023-09-22 CVE-2021-38494 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. 2023-09-22 CVE-2021-38496 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. 2023-09-22 CVE-2021-38497 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. 2023-09-22 CVE-2021-38498 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93. 2023-09-22 CVE-2021-38499 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. 2023-09-22 CVE-2021-38500 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. 2023-09-22 CVE-2021-38501 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-38503 openEuler-22.03-LTS-SP1 Critical 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-38504 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-38506 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-38507 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-38508 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-38509 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-38510 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2021-4140 openEuler-22.03-LTS-SP1 Critical 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox < 94. 2023-09-22 CVE-2021-43531 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94. 2023-09-22 CVE-2021-43532 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94. 2023-09-22 CVE-2021-43533 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-43534 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. 2023-09-22 CVE-2021-43535 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43536 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43537 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43538 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43539 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. 2023-09-22 CVE-2021-43540 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43541 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43542 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43543 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43545 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2023-09-22 CVE-2021-43546 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97. 2023-09-22 CVE-2022-0511 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98. 2023-09-22 CVE-2022-0843 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. 2023-09-22 CVE-2022-1097 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8. 2023-09-22 CVE-2022-1196 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. 2023-09-22 CVE-2022-1529 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. 2023-09-22 CVE-2022-1802 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2023-09-22 CVE-2022-1919 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. 2023-09-22 CVE-2022-2200 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22737 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22738 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22739 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22740 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22741 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22742 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22743 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22745 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22747 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. 2023-09-22 CVE-2022-22748 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. 2023-09-22 CVE-2022-22754 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97. 2023-09-22 CVE-2022-22755 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. 2023-09-22 CVE-2022-22756 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97. 2023-09-22 CVE-2022-22757 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. 2023-09-22 CVE-2022-22759 openEuler-22.03-LTS-SP1 Critical 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. 2023-09-22 CVE-2022-22760 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. 2023-09-22 CVE-2022-22761 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. 2023-09-22 CVE-2022-22763 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes. 2023-09-22 CVE-2022-24713 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. 2023-09-22 CVE-2022-26381 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98. 2023-09-22 CVE-2022-26382 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. 2023-09-22 CVE-2022-26383 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. 2023-09-22 CVE-2022-26384 openEuler-22.03-LTS-SP1 Critical 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98. 2023-09-22 CVE-2022-26385 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. 2023-09-22 CVE-2022-26386 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. 2023-09-22 CVE-2022-26387 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. 2023-09-22 CVE-2022-26485 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. 2023-09-22 CVE-2022-26486 openEuler-22.03-LTS-SP1 Critical 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. 2023-09-22 CVE-2022-28281 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. 2023-09-22 CVE-2022-28282 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99. 2023-09-22 CVE-2022-28283 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99. 2023-09-22 CVE-2022-28284 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. 2023-09-22 CVE-2022-28285 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. 2023-09-22 CVE-2022-28286 openEuler-22.03-LTS-SP1 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. 2023-09-22 CVE-2022-28287 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. 2023-09-22 CVE-2022-28289 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. 2023-09-22 CVE-2022-29909 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. 2023-09-22 CVE-2022-29911 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. 2023-09-22 CVE-2022-29912 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. 2023-09-22 CVE-2022-29914 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. 2023-09-22 CVE-2022-29915 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. 2023-09-22 CVE-2022-29916 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100. 2023-09-22 CVE-2022-29918 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. 2023-09-22 CVE-2022-31736 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. 2023-09-22 CVE-2022-31737 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. 2023-09-22 CVE-2022-31738 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. 2023-09-22 CVE-2022-31740 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. 2023-09-22 CVE-2022-31741 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. 2023-09-22 CVE-2022-31742 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101. 2023-09-22 CVE-2022-31743 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. 2023-09-22 CVE-2022-31744 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. 2023-09-22 CVE-2022-31745 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. 2023-09-22 CVE-2022-31748 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. 2023-09-22 CVE-2022-3266 openEuler-22.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. 2023-09-22 CVE-2022-34468 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34469 openEuler-22.03-LTS-SP1 High 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. 2023-09-22 CVE-2022-34470 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34471 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. 2023-09-22 CVE-2022-34472 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code>&lt;use&gt;</code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34473 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34474 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 SVG <code>&lt;use&gt;</code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34475 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34476 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34477 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. 2023-09-22 CVE-2022-34479 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34480 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. 2023-09-22 CVE-2022-34481 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34482 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34483 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. 2023-09-22 CVE-2022-34484 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102. 2023-09-22 CVE-2022-34485 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. 2023-09-22 CVE-2022-36318 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. 2023-09-22 CVE-2022-36319 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. 2023-09-22 CVE-2022-38472 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. 2023-09-22 CVE-2022-38473 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104. 2023-09-22 CVE-2022-38477 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. 2023-09-22 CVE-2022-38478 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. 2023-09-22 CVE-2022-40956 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. 2023-09-22 CVE-2022-40957 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. 2023-09-22 CVE-2022-40958 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. 2023-09-22 CVE-2022-40959 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. 2023-09-22 CVE-2022-40960 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. 2023-09-22 CVE-2022-40962 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. 2023-09-22 CVE-2022-42928 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45408 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45409 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45410 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on <code>fetch()</code> and XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-Override</code> that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45411 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45412 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45416 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45418 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45420 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. 2023-09-22 CVE-2022-45421 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. 2023-09-22 CVE-2022-46871 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6. 2023-09-22 CVE-2022-46874 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. 2023-09-22 CVE-2022-46875 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. 2023-09-22 CVE-2022-46878 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. 2023-09-22 CVE-2022-46882 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-0767 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. 2023-09-22 CVE-2023-1945 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. 2023-09-22 CVE-2023-23598 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. 2023-09-22 CVE-2023-23599 openEuler-22.03-LTS-SP1 Medium 5.0 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. 2023-09-22 CVE-2023-23601 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. 2023-09-22 CVE-2023-23602 openEuler-22.03-LTS-SP1 Medium 6.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. 2023-09-22 CVE-2023-23603 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25728 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25729 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25730 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25732 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25735 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25737 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25739 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. 2023-09-22 CVE-2023-25742 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. 2023-09-22 CVE-2023-25751 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. 2023-09-22 CVE-2023-25752 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. 2023-09-22 CVE-2023-28162 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. 2023-09-22 CVE-2023-28164 openEuler-22.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. 2023-09-22 CVE-2023-28176 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. 2023-09-22 CVE-2023-29533 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. 2023-09-22 CVE-2023-29535 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. 2023-09-22 CVE-2023-29536 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. 2023-09-22 CVE-2023-29539 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. 2023-09-22 CVE-2023-29541 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. 2023-09-22 CVE-2023-29548 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. 2023-09-22 CVE-2023-29550 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-09-22 CVE-2023-32205 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-09-22 CVE-2023-32206 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-09-22 CVE-2023-32207 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-09-22 CVE-2023-32211 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-09-22 CVE-2023-32212 openEuler-22.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-09-22 CVE-2023-32213 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-09-22 CVE-2023-32215 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-09-22 CVE-2023-37201 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-09-22 CVE-2023-37202 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-09-22 CVE-2023-37207 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-09-22 CVE-2023-37208 openEuler-22.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-09-22 CVE-2023-37211 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4045 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4046 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4047 openEuler-22.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4048 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4049 openEuler-22.03-LTS-SP1 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4050 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. 2023-09-22 CVE-2023-4054 openEuler-22.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4055 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674 Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-09-22 CVE-2023-4056 openEuler-22.03-LTS-SP1 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H firefox security update 2023-09-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1674