CVE-2023-5758
https://notcve.org/view.php?id=CVE-2023-5758
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. Al abrir una página en modo lector, la URL de redireccionamiento podría haber provocado que se ejecutara un script controlado por el atacante en un ataque reflejado de Cross-Site Scripting (XSS). Esta vulnerabilidad afecta a Firefox para iOS < 119. • https://bugzilla.mozilla.org/show_bug.cgi?id=1850019 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-5732 – Mozilla: Address bar spoofing via bidirectional characters
https://notcve.org/view.php?id=CVE-2023-5732
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un atacante podría haber creado un enlace malicioso utilizando caracteres bidireccionales para falsificar la ubicación en la barra de direcciones cuando se visita. Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. • https://bugzilla.mozilla.org/show_bug.cgi?id=1690979 https://bugzilla.mozilla.org/show_bug.cgi?id=1836962 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/a • CWE-450: Multiple Interpretations of UI Input •
CVE-2023-5731
https://notcve.org/view.php?id=CVE-2023-5731
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119. Errores de seguridad de la memoria presentes en Firefox 118. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1690111%2C1721904%2C1851803%2C1854068 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-45 • CWE-787: Out-of-bounds Write •
CVE-2023-5730 – Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
https://notcve.org/view.php?id=CVE-2023-5730
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Errores de seguridad de la memoria presentes en Firefox 118, Firefox ESR 115.3 y Thunderbird 115.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2023-5729
https://notcve.org/view.php?id=CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. Un sitio web malicioso puede ingresar al modo de pantalla completa y al mismo tiempo activar un mensaje de WebAuthn. Esto podría haber oscurecido la notificación en pantalla completa y podría haberse aprovechado en un ataque de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823720 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-45 •