Medium
CVE-2022-34473 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to sanitize xlink:href attributes. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using use tags to bypass the HTML Sanitizer.
CVE-2022-34475 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using same-origin script via use tags to bypass the HTML Sanitizer API.
CVE-2022-34477 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a leak in the MediaError message property. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
Information Disclosure
Security Bypass
Mozilla Firefox 101
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.