Why Fuzz Test: 20 Mozilla Vulnerabilities Found With Fuzz Testing

Robert Vamosi
January 24, 2023
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

At ForAllSecure, we're often asked whether other companies actively fuzz test their software in development. And the answer is yes. Google Chrome has long done this. Similarly, Mozilla, makers of the Firefox browser, fuzz test their software as well.

Recently the company reported 20 vulnerabilities they found through fuzz testing their code. The Mozilla vulnerabilities include 5 Critical and 15 High vulnerabilities.

Here's the listing from NIST:

<table border="1" cellpadding="10px" cellspacing="0" style="font-size: 14px; width: 100%; height: 1379.45px; background-color: #ffffff; border-color: #161721;"><colgroup><col width="100" style="width: 18.7766%;"><col width="100" style="width: 62.8066%;"><col width="100" style="width: 18.4495%;"></colgroup>
<tbody>
<tr style="height: 19.5938px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Vuln ID&quot;}" style="height: 19.5938px;"><strong>Vulnerability ID</strong></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Summary&quot;}" style="height: 19.5938px;"><strong>Summary</strong></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVSS Severity&quot;}" style="height: 19.5938px;">
<div>
<div><strong>CVSS Severity</strong></div>
</div>
</td>
</tr>
<tr style="height: 62.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-36320&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-36320" style="height: 62.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-36320" target="_blank" rel="noopener">CVE-2022-36320</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103.\nPublished: December 22, 2022; 3:15:36 PM -0500&quot;}" style="height: 62.375px;">Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 103.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 9.8 CRITICAL\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-36320&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-36320&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:18}" style="height: 62.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-36320&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-36320&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">9.8 CRITICAL</a><span><br><br></span></td>
</tr>
<tr style="height: 65.125px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-34485&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-34485" style="height: 65.125px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-34485" target="_blank" rel="noopener">CVE-2022-34485</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102.\nPublished: December 22, 2022; 3:15:34 PM -0500&quot;}" style="height: 65.125px;">Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 102.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 9.8 CRITICAL\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34485&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34485&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:18}" style="height: 65.125px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34485&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34485&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">9.8 CRITICAL</a><span><br><br></span></td>
</tr>
<tr style="height: 64.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-31748&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-31748" style="height: 64.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-31748" target="_blank" rel="noopener">CVE-2022-31748</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101.\nPublished: December 22, 2022; 3:15:30 PM -0500&quot;}" style="height: 64.375px;">Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 101.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 9.8 CRITICAL\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31748&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31748&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:18}" style="height: 64.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31748&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31748&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">9.8 CRITICAL</a><span><br><br></span></td>
</tr>
<tr style="height: 64.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-31747&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-31747" style="height: 64.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-31747" target="_blank" rel="noopener">CVE-2022-31747</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.\nPublished: December 22, 2022; 3:15:30 PM -0500&quot;}" style="height: 64.375px;">Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 9.8 CRITICAL\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31747&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31747&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:18}" style="height: 64.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31747&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31747&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">9.8 CRITICAL</a><span><br><br></span></td>
</tr>
<tr style="height: 78.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-29917&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-29917" style="height: 78.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-29917" target="_blank" rel="noopener">CVE-2022-29917</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.\nPublished: December 22, 2022; 3:15:26 PM -0500&quot;}" style="height: 78.375px;">Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 91.9, Firefox ESR &lt; 91.9, and Firefox &lt; 100.<br><br></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 9.8 CRITICAL\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:18}" style="height: 78.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">9.8 CRITICAL</a><span><br><br></span></td>
</tr>
<tr style="height: 25.2969px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Vuln ID&quot;}" style="height: 25.2969px;"><strong>Vulnerability ID</strong></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Summary&quot;}" style="height: 25.2969px;"><strong>Summary</strong></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVSS Severity&quot;}" style="height: 25.2969px;">
<div>
<div><strong>CVSS Severity</strong></div>
</div>
</td>
</tr>
<tr style="height: 58.7812px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-46885&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-46885" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-46885" target="_blank" rel="noopener">CVE-2022-46885</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106.\nPublished: December 22, 2022; 3:15:48 PM -0500&quot;}" style="height: 58.7812px;">Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 106.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46885&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46885&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46885&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46885&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 78.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-46883&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-46883" style="height: 78.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-46883" target="_blank" rel="noopener">CVE-2022-46883</a></td>
<td style="height: 78.375px;">Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.&lt;br /&gt;*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox &lt; 107.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46883&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46883&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 78.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46883&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46883&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 58.7812px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-46879&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-46879" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-46879" target="_blank" rel="noopener">CVE-2022-46879</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108.\nPublished: December 22, 2022; 3:15:47 PM -0500&quot;}" style="height: 58.7812px;">Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 108.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46879&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46879&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46879&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46879&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 59.9219px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-46878&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-46878" style="height: 59.9219px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-46878" target="_blank" rel="noopener">CVE-2022-46878</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.\nPublished: December 22, 2022; 3:15:46 PM -0500&quot;}" style="height: 59.9219px;">Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 108, Firefox ESR &lt; 102.6, and Thunderbird &lt; 102.6</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46878&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46878&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 59.9219px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46878&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-46878&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 58.7812px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-42932&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-42932" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-42932" target="_blank" rel="noopener">CVE-2022-42932</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.\nPublished: December 22, 2022; 3:15:41 PM -0500&quot;}" style="height: 58.7812px;">Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 102.4, Firefox ESR &lt; 102.4, and Firefox &lt; 106.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-42932&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-42932&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-42932&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-42932&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 80.3438px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-40962&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-40962" style="height: 80.3438px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-40962" target="_blank" rel="noopener">CVE-2022-40962</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.\nPublished: December 22, 2022; 3:15:39 PM -0500&quot;}" style="height: 80.3438px;">Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3, and Firefox &lt; 105.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-40962&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-40962&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 80.3438px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-40962&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-40962&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 58.7812px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-38478&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-38478" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-38478" target="_blank" rel="noopener">CVE-2022-38478</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.\nPublished: December 22, 2022; 3:15:37 PM -0500&quot;}" style="height: 58.7812px;">Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 102.2, Thunderbird &lt; 91.13, Firefox ESR &lt; 91.13, Firefox ESR &lt; 102.2, and Firefox &lt; 104.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38478&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38478&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38478&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38478&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 62.9219px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-38477&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-38477" style="height: 62.9219px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-38477" target="_blank" rel="noopener">CVE-2022-38477</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.\nPublished: December 22, 2022; 3:15:37 PM -0500&quot;}" style="height: 62.9219px;">Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 102.2, Thunderbird &lt; 102.2, and Firefox &lt; 104.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38477&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38477&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 62.9219px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38477&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38477&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 59.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-34484&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-34484" style="height: 59.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-34484" target="_blank" rel="noopener">CVE-2022-34484</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.\nPublished: December 22, 2022; 3:15:34 PM -0500&quot;}" style="height: 59.375px;">The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34484&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34484&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 59.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34484&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34484&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 60.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-2505&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-2505" style="height: 60.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-2505" target="_blank" rel="noopener">CVE-2022-2505</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.\nPublished: December 22, 2022; 3:15:27 PM -0500&quot;}" style="height: 60.375px;">Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 102.1, Firefox &lt; 103, and Thunderbird &lt; 102.1.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-2505&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-2505&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 60.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-2505&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-2505&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 58.7812px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-29918&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-29918" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-29918" target="_blank" rel="noopener">CVE-2022-29918</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100.\nPublished: December 22, 2022; 3:15:27 PM -0500&quot;}" style="height: 58.7812px;">Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 100.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29918&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29918&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29918&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29918&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 58.7812px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-29917&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-29917" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-29917" target="_blank" rel="noopener">CVE-2022-29917</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.\nPublished: December 22, 2022; 3:15:26 PM -0500&quot;}" style="height: 58.7812px;">Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 91.9, Firefox ESR &lt; 91.9, and Firefox &lt; 100.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 9.8 CRITICAL\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:18}" style="height: 58.7812px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-29917&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">9.8 CRITICAL</a><span><br><br></span></td>
</tr>
<tr style="height: 60.4297px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-28289&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-28289" style="height: 60.4297px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-28289" target="_blank" rel="noopener">CVE-2022-28289</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.\nPublished: December 22, 2022; 3:15:25 PM -0500&quot;}" style="height: 60.4297px;">Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 91.8, Firefox &lt; 99, and Firefox ESR &lt; 91.8.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28289&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28289&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 60.4297px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28289&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28289&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 62.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-28288&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-28288" style="height: 62.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-28288" target="_blank" rel="noopener">CVE-2022-28288</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 99.\nPublished: December 22, 2022; 3:15:24 PM -0500&quot;}" style="height: 62.375px;">Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 99</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28288&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28288&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 62.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28288&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-28288&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 63.375px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-22764&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-22764" style="height: 63.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-22764" target="_blank" rel="noopener">CVE-2022-22764</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.\nPublished: December 22, 2022; 3:15:20 PM -0500&quot;}" style="height: 63.375px;">Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 97, Thunderbird &lt; 91.6, and Firefox ESR &lt; 91.6.</td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;V3.1: 8.8 HIGH\nV2.0:(not available)&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-22764&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" data-sheets-hyperlinkruns="{&quot;1&quot;:6,&quot;2&quot;:&quot;https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-22764&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST&quot;}{&quot;1&quot;:14}" style="height: 63.375px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-22764&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" target="_blank" rel="noopener"><span>V3.1: </span><span></span></a><a class="in-cell-link" target="_blank" href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-22764&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" rel="noopener">8.8 HIGH</a><span><br><br></span></td>
</tr>
<tr style="height: 59.75px;">
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;CVE-2022-0511&quot;}" data-sheets-hyperlink="https://nvd.nist.gov/vuln/detail/CVE-2022-0511" style="height: 59.75px;"><a class="in-cell-link" href="https://nvd.nist.gov/vuln/detail/CVE-2022-0511" target="_blank" rel="noopener">CVE-2022-0511</a></td>
<td data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97.\nPublished: December 22, 2022; 3:15:12 PM -0500&quot;}" style="height: 59.75px;">Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 97.</td>
<td style="height: 59.75px;"><span id="cvss3-link"><em>V3.1:</em><span>&nbsp;</span><a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-0511&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-19">8.8 HIGH</a><br></span></td>
</tr>
</tbody>
</table>

Share this post

How about some Mayhem in your inbox?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem