Key Vulnerability Information

Advised: April 5, 2022

High Impact Vulnerabilities

CVE-2022-1097: Use-after-free in NSS Token objects
- Reporter: Randell Jesup
- Description: Potential to lead to unpredictable crashes and exploitation.

CVE-2022-28281: Out of bounds write from unanticipated WebAuthN extensions
- Reporter: Axel 'Overclock' Souchet
- Description: May cause memory corruption and crashes.

Moderate Impact Vulnerabilities

CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
- Reporter: Kirin
- Description: Possible to trigger a use-after-free condition which could lead to crashes.

CVE-2022-28283: Missing security checks for fetching sourceMapURL
- Reporter: Gijs
- Description: A page could attempt to include local files that should have been inaccessible.

CVE-2022-28284: Script could be executed via svg's use element
- Reporter: Leo Balter
- Description: May lead to execution of unexpected content via SVG's <use> element.

CVE-2022-28285: Incorrect AliasSet used in JIT Code generation
- Reporter: Lukas Bernhard
- Description: May result in out of bounds memory read in conjunction with another vulnerability.

Low Impact Vulnerabilities

CVE-2022-28286: iframe contents may appear outside border
- Reporter: prada960808
- Description: Could cause user confusion or spoofing attacks.

CVE-2022-28287: Text Selection may cause crashes
- Reporter: Aryan Sinha
- Description: Selecting text might corrupt text selection caching.

CVE-2022-24713: Denial of Service via complex regular expressions
- Reporters: Addison Crump and Jan-Erik Rediger
- Description: Potential for Denial of Service in the browser due to complex regular expressions.

High & Moderate Impact Memory Safety Bugs

CVE-2022-28289 & CVE-2022-28288
- Reporters: Mozilla developers, Randell Jesup, Sebastian Hengst, community members.
- Description: Memory safety issues that could potentially be exploited to run arbitrary code.