9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.5%
May 4, 2022 Pavel Vasenkov 91.9.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2022-29914 Fullscreen notification bypass using popups
+ CVE-2022-29909 Bypassing permission prompt in nested browsing contexts
+ CVE-2022-29916 Leaking browser history with CSS variables
+ CVE-2022-29911 iframe Sandbox bypass
+ CVE-2022-29912 Reader mode bypassed SameSite cookies
+ CVE-2022-29917 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.5%