
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Aug 2023 — A website could have obscured the full-screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1821884 • CWE-290: Authentication Bypass by Spoofing

CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

01 Aug 2023 — In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843038 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write
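The entry above describes the classic CWE-120 shape: a length that arrives with the untrusted data is trusted, and the payload is copied into a fixed-size stack buffer. The following is an added illustration, not Firefox's code and not the bug in the advisory; it assumes a constructed record format (a 2-byte big-endian length followed by that many payload bytes) and shows the vulnerable copy next to the checked one, with the two rejections a hardened parser needs: a declared length larger than the destination, and a stream shorter than its header claims.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical record format, constructed for this example:
 *   [len_hi][len_lo][payload ... len bytes]
 * Neither the format nor the functions below come from Firefox. */

#define STACK_BUF_SIZE 64

static size_t read_be16(const uint8_t *p) {
    return ((size_t)p[0] << 8) | p[1];
}

/* Vulnerable shape: the declared length is trusted. A record declaring more
 * than STACK_BUF_SIZE bytes writes past the end of buf on the stack (CWE-787).
 * Returns the XOR of the copied bytes so the caller has something to inspect.
 * Only ever call this with a well-formed record; it exists to show the bug. */
static uint8_t sum_record_unchecked(const uint8_t *stream, size_t stream_len) {
    uint8_t buf[STACK_BUF_SIZE];
    if (stream_len < 2) return 0;
    size_t declared = read_be16(stream);
    memcpy(buf, stream + 2, declared);        /* no bound on declared */
    uint8_t x = 0;
    for (size_t i = 0; i < declared; i++) x ^= buf[i];
    return x;
}

/* Hardened shape: reject before copying. Returns the number of payload bytes
 * copied into out, or -1 when the record is oversized or truncated. */
static int copy_record_checked(const uint8_t *stream, size_t stream_len,
                               uint8_t *out, size_t out_len) {
    if (stream_len < 2) return -1;              /* header missing */
    size_t declared = read_be16(stream);
    if (declared > out_len) return -1;          /* the check the bug lacked */
    if (declared > stream_len - 2) return -1;   /* stream shorter than it claims */
    memcpy(out, stream + 2, declared);
    return (int)declared;
}

/* Builds a record into dst (constructed input). Returns total bytes written,
 * or 0 if it does not fit. */
static size_t make_record(uint8_t *dst, size_t dst_len,
                          size_t payload_len, uint8_t fill) {
    if (payload_len > 0xFFFF || dst_len < payload_len + 2) return 0;
    dst[0] = (uint8_t)(payload_len >> 8);
    dst[1] = (uint8_t)(payload_len & 0xFF);
    memset(dst + 2, fill, payload_len);
    return payload_len + 2;
}

/* A 300-byte record against a 64-byte buffer: the checked copy returns -1
 * and never touches out. The unchecked copy would smash the stack here. */
static int demo_oversized(void) {
    uint8_t stream[512];
    uint8_t out[STACK_BUF_SIZE];
    size_t n = make_record(stream, sizeof stream, 300, 0x41);
    return copy_record_checked(stream, n, out, sizeof out);
}

/* A well-formed 16-byte record: both paths are safe and the checked copy
 * reports 16 bytes copied. */
static int demo_benign(void) {
    uint8_t stream[512];
    uint8_t out[STACK_BUF_SIZE];
    size_t n = make_record(stream, sizeof stream, 16, 0x41);
    (void)sum_record_unchecked(stream, n);      /* safe only because 16 <= 64 */
    return copy_record_checked(stream, n, out, sizeof out);
}

/* A record that claims 40 bytes but carries only 10: the truncation check
 * stops an over-read of the source buffer. */
static int demo_truncated(void) {
    uint8_t stream[12];
    uint8_t out[STACK_BUF_SIZE];
    stream[0] = 0;
    stream[1] = 40;
    memset(stream + 2, 0x42, 10);
    return copy_record_checked(stream, sizeof stream, out, sizeof out);
}

int main(void) {
    printf("oversized -> %d, benign -> %d, truncated -> %d\n",
           demo_oversized(), demo_benign(), demo_truncated());
    return 0;
}
```

The order of the two checks matters: `declared > out_len` guards the destination, `declared > stream_len - 2` guards the source, and both must run before the `memcpy`; checking only one leaves either a stack write or an over-read of the input.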

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

01 Aug 2023 — Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1842658 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

01 Aug 2023 — An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several mino... • https://bugzilla.mozilla.org/show_bug.cgi?id=1841368 • CWE-125: Out-of-bounds Read

CVSS: 10.0 | EPSS: 0% | CPEs: 5 | EXPL: 0

01 Aug 2023 — A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Mozilla Firefox is an open-source web browser, designed for standards compliance, performa... • https://bugzilla.mozilla.org/show_bug.cgi?id=1839073 • CWE-280: Improper Handling of Insufficient Permissions or Privileges • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

01 Aug 2023 — In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1837686 • CWE-20: Improper Input Validation • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

01 Aug 2023 — Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. USN-6267-1 fixed vulnerabili... • https://bugzilla.mozilla.org/show_bug.cgi?id=1833876 • CWE-346: Origin Validation Error • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

12 Jul 2023 — The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795496 • CWE-476: NULL Pointer Dereference

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

12 Jul 2023 — The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786934 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 10.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

12 Jul 2023 — During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. Multiple security issues were discovered in Thunderbird. If a user were tricked into ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1839703 • CWE-416: Use After Free