firefox is vulnerable to arbitrary code execution. The vulnerability exists due to address bar spoofing via XSLT error handling which allows an attacker to execute arbitrary code on the system.
access.redhat.com/security/cve/CVE-2022-38472
bugzilla.mozilla.org/show_bug.cgi?id=1769155
bugzilla.redhat.com/show_bug.cgi?id=2120673
security-tracker.debian.org/tracker/CVE-2022-38472
www.mozilla.org/security/advisories/mfsa2022-33/
www.mozilla.org/security/advisories/mfsa2022-34/
www.mozilla.org/security/advisories/mfsa2022-35/
www.mozilla.org/security/advisories/mfsa2022-36/
www.mozilla.org/security/advisories/mfsa2022-37/