CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 59.4%

A vulnerability in the Firefox browser is related to a bounds error in HTML content processing. Exploitation of the vulnerability could allow a remote attacker to create a specially crafted website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system.
A vulnerability in the Firefox browser is related to incorrect initialization of FeaturePolicy on all pages during iframe navigation. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into opening a specially crafted website, bypass FeaturePolicy restrictions, and force the browser to pass device permissions to insecure attached documents.
A vulnerability in the Firefox and Firefox ESR web browsers and the Thunderbird email client is related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information.
A vulnerability in the SpiderMonkey JavaScript engine of the Firefox and Firefox ESR browsers and the Thunderbird email client is related to buffer copying without checking input data size. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code when a specially crafted malicious web page is opened.
A vulnerability in the PK11_ChangePW function of the Mozilla Firefox browser and the Thunderbird email client is related to use of memory after it is freed (use-after-free). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
A vulnerability in the Firefox browser is related to the fact that some requests can ignore the CSP base-uri setting when processing injected HTML base elements. Exploitation of the vulnerability could allow an attacker acting remotely to force the browser to accept the base of the injected element instead of the original one, which would bypass the Content Security Policy.
A vulnerability in the implementation of XSLT (eXtensible Stylesheet Language Transformations) in the Thunderbird email client and the Firefox and Firefox ESR browsers is related to incorrect restriction of rendered layers or frames. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges.
A vulnerability in the Firefox browser is related to insufficient sanitization of user data when visiting directory listings for chrome:// URLs as source. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary HTML code and script in a user's browser in the context of a vulnerable website.
A vulnerability in the Firefox browser is related to a use-after-free error caused by concurrent use of the URL parser with non-UTF-8 data. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into visiting a specially crafted website, cause a use-after-free error, and execute arbitrary code on the system.
A vulnerability in the XSLT (eXtensible Stylesheet Language Transformations) implementation of the Firefox browser and the Thunderbird email client is related to incorrect operation of the user interface when processing content in the address bar. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks.
A vulnerability in the Firefox browser is related to insufficient input data validation when processing values of array elements. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions.
A vulnerability in the Firefox browser is related to inconsistency between the instruction cache and the data cache when creating wasm code. Exploitation of the vulnerability could allow a remote attacker to trick a victim into opening a specially crafted web page, cause memory corruption, and possibly execute arbitrary code.
A vulnerability in the Firefox browser is related to improper cookie handling. Exploitation of the vulnerability could allow an attacker, acting remotely and with access to a shared subdomain, to inject cookies with certain special characters, bypass the secure-context restriction for cookies with the __Host and __Secure prefixes, and overwrite those cookies, which could lead to session fixation attacks.