Lucene search

K
ibm
IBM8AA985F10478A217523AC3590FB9E32106E3D2C6C50A1C052E0D031713E7CD6A
HistoryJan 31, 2023 - 2:47 p.m.

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.

2023-01-3114:47:39
www.ibm.com
20

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

85.8%

Summary

Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.

Vulnerability Details

CVEID:CVE-2022-22739
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by missing throttling on external protocol launch dialog. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to trick users into accepting launching a program to handle an external URL protocol.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217035 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-43539
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when calling wasm instance methods. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-34484
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229838 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-40960
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when parsing non-UTF-8 URLs in threads. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236602 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-22737
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a race condition when playing audio files. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217022 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-38498
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free of nsLanguageAtomService object. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210696 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-1196
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free after VR Process destruction. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-26485
**DESCRIPTION:**Mozilla Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in XSLT parameter processing. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221067 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22764
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219067 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-40959
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error during iframe navigation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass FeaturePolicy restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236604 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-28289
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223384 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-29909
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error related to documents in deeply-nested cross-origin browsing contexts that could have obtained permissions granted to the top-level origin. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the existing prompt and wrongfully inherit the top-level permissions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225631 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-36319
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when combining CSS properties for overflow and transform. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the mouse position.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232053 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-43543
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the bypass of CSP sandbox directive when embedding By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow documents loaded with the CSP sandbox directive to escape.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214741 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-42929
**DESCRIPTION:**Mozilla Firefox and Firefox ESR are vulnerable to a denial of service, caused by a flaw in the handling window.print() events. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238610 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-1529
**DESCRIPTION:**Mozilla Firefox, Firefox ESR, Firefox for Android and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JavaScript object indexing. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service condition.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227036 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-40958
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when injecting a cookie with certain special characters. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass secure context restrictions to set and thus overwrite cookies from a secure context, leading to session fixation and other attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236605 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-43545
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by an error when using the Location API in a loop. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214743 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-42928
**DESCRIPTION:**Mozilla Firefox and Firefox ESR could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238609 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22759
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error if a document created a sandboxed iframe without allow-scripts. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow sandboxed iframes to execute script if the parent appended elements.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219062 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-43536
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a flaw when navigating while executing asynchronous function. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to obtain URL information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214692 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-40962
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236609 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22740
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free of ChannelEventQueue::mOwner. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to corrupt the stack and cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217020 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-38497
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks. By using reportValidity() and window.open(), a remote attacker could overlay a validation message on another origin and possibly conduct spoofing attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210695 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-38506
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by being coaxed into entering fullscreen mode without notification or warning to the user. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the browser UI.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212636 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-4140
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when constructing specific XSLT markup. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass an iframe sandbox.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217023 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-38508
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when displaying a form validity message in the correct location at the same time as a permission prompt. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-34468
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to click on a javascript: link, a remote attacker could exploit this vulnerability to bypass CSP sandbox header without allow-scripts.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229821 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-31741
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the incorrect processing of a specially crafted CMS message. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause an invalid memory read.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227613 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-43546
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when a native cursor is zoomed. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct a cursor spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214744 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-28285
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an incorrect AliasSet used in JIT Codegen. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to trigger out-of-bounds memory read.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223380 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-38507
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when using opportunistic Encryption in HTTP2 . By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the Same-Origin-Policy on services hosted on other ports.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212637 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-43541
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when invoking protocol handlers for external protocols. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow external protocol handler parameters to escape.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214736 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-28282
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in DocumentL10n::TranslateDocument. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223377 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-24713
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by the failure to properly prevent crafted regular expressions from taking an arbitrary amount of time during parsing by the rust regex crate. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223383 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-38476
**DESCRIPTION:**Mozilla Firefox and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a data race in the PK11_ChangePW function that results in a use-after-free error. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234199 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-31747
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227607 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-34481
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the nsTArray_Impl::ReplaceElementsAt() function. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229827 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-34470
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in nsSHistory. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229823 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-26384
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when controlling the contents of an iframe sandboxed with allow-popups but not allow-scripts. By persuading a victim to click a specially-crafted link, a remote attacker could exploit this vulnerability to bypass sandbox restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221279 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-40956
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when injecting an HTML base element and ignoring requests. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the Content Security Policy’s base-uri settings restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236607 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-26486
**DESCRIPTION:**Mozilla Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebGPU IPC framework. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221068 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22743
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when navigating from inside an iframe while requesting fullscreen access. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the browser window.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217017 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-31736
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leaking of cross-origin resource’s length. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-1802
**DESCRIPTION:**Mozilla Firefox, Firefox ESR, Firefox for Android and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the Top-Level Await implementation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service condition.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227037 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22763
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error during invalid object state. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute script on the vulnerable system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219069 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-26383
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when using fullscreen mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the browser window.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221278 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-22742
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-bounds memory access when inserting text in edit mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217018 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-34472
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an unavailable PAC file. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to block OCSP requests.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229831 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-43537
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a heap-based buffer overflow when using structured clone. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-38504
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in file picker dialog. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212632 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22761
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to enforce frame-ancestors Content Security Policy directive for framed extension By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219065 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-28281
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write due to unexpected WebAuthN Extensions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223376 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-43542
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error when using XMLHttpRequest error codes. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to leak the existence of an external protocol handler.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-38500
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210693 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-31737
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a heap-based buffer overflow in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227609 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-38473
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a cross-origin iframe referencing an XSLT document. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to inherit the parent domain’s permissions.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234195 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22751
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22738
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a heap-based buffer-overflow in blendGaussianBlur. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217021 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-38472
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the abuse of XSLT error handling. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the addressbar.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234194 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-29911
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to properly protect against top-level navigations for an iframe sandbox with a policy relaxed through a keyword like allow-top-navigation-by-user-activation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the iframe Sandbox.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225633 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-38495
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-38477
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234198 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-38503
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to correctly apply the iframe sandbox rules to XSLT stylesheets. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212634 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-29917
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225637 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22745
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leaking of cross-origin URLs through securitypolicyviolation event. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to disclose cross-origin information for frame-ancestors violations.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217031 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-38478
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234189 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-31742
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a timing attack. By sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227614 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-26387
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a time-of-check time-of-use bug when verifying add-on signatures. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221277 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-42932
**DESCRIPTION:**Mozilla Firefox and Firefox ESR could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-38509
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an unusual sequence of attacker-controlled events that allows a Javascript alert box to be displayed onto an arbitrary domain. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct spoofing attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212641 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-26386
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the downloading of temporary files to /tmp and accessible by other local users. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-42927
**DESCRIPTION:**Mozilla Firefox and Firefox ESR could allow a remote attacker to bypass security restrictions, caused by a same-origin policy violation in the performance.getEntries() method. By persuading victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to obtain cross-origin URL entries.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)

CVEID:CVE-2022-29912
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to properly omit cookies with a SameSite attribute by requests initiated through reader mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the SameSite cookies.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225634 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-28286
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the rendering of iframe contents outside of its border. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223381 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-26381
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in text reflows. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221280 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-22760
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by error messages would distinguishing the difference between application/javascript responses and non-script responses. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to learn information cross-origin.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219064 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-22747
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by an error when handling empty pkcs7 sequence. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217033 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-22741
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when resizing a popup while requesting fullscreen access. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the browser window.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217019 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-38493
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208812 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-1097
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in thread shutdown. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223373 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-43538
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by misusing a race in our notification code. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to forcefully hide the notification for pages that had received full screen and pointer lock access and conduct a spoofing attack.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214737 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)

CVEID:CVE-2022-31738
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when exiting fullscreen mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the browser window.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227610 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-29914
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when reusing existing popups. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the fullscreen notification UI.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225630 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-34479
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the creation of a popup that could have resized the popup to overlay the address bar with its own content. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229822 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-2200
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by setting an undesired attribute as part of prototype pollution. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229833 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-36318
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a race condition during the initialization of a new content process. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to disclose heap addresses from the parent process.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-38501
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210697 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-29916
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error when loading CSS resources involving CSS variables. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to leak the browser history.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225632 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**IBM X-Force ID:**214745
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214745 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**IBM X-Force ID:**212646
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212646 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**IBM X-Force ID:**212647
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in HTTP2 Session object. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212647 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Multicloud Management Monitoring 2.0 - 2.3 fix pack 5

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.3 fix pack 6 by following the instructions in <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade&gt;

Workarounds and Mitigations

None

How to protect your server from attacks?

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

85.8%

Related for 8AA985F10478A217523AC3590FB9E32106E3D2C6C50A1C052E0D031713E7CD6A