![]() (CVE-2022-34474) - When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. (CVE-2022-34481) - Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. (CVE-2022-34476) - In the nsTArrayImpl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. (CVE-2022-34483) - ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. While very similar, this is a separate issue from CVE-2022-34482. ![]() (CVE-2022-34482) - An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. (CVE-2022-34468) - An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. (CVE-2022-34470) - An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. (CVE-2022-34479) - Navigations between XML documents may have led to a use-after-free and potentially exploitable crash. A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-24 advisory. Description The version of Firefox installed on the remote Windows host is prior to 102.0. Synopsis A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |