
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2024 — Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. USN-6610-1 fixed vulnerabilities in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871605 •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2024 — A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1866840 • CWE-416: Use After Free •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2024 — A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1783504 •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2024 — The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871838 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2024 — In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2024 — An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1867408 • CWE-252: Unchecked Return Value •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Jan 2024 — Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Jan 2024 — In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. • https://bugzilla.mozilla.org/show_bug.cgi?id=1870262 • CWE-326: Inadequate Encryption Strength •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Jan 2024 — A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1865689 • CWE-20: Improper Input Validation • CWE-269: Improper Privilege Management •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Jan 2024 — A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. The Mozilla Foundation Security... • https://bugzilla.mozilla.org/show_bug.cgi?id=1863083 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •