CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6204 – Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
https://notcve.org/view.php?id=CVE-2023-6204
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. En algunos sistemas, dependiendo de la configuración de gráficos y los controladores, era posible forzar una lectura fuera de los límites y filtrar datos de memoria en las imágenes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes this flaw as: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. • https://bugzilla.mozilla.org/show_bug.cgi?id=1841050 https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html https://www.debian.org/security/2023/dsa-5561 https://www.mozilla.org/security/advisories/mfsa2023-49 https://www.mozilla.org/security/advisories/mfsa2023-50 https://www.mozilla.org/security/advisories/mfsa2023-52 https://access.redhat.com/security/cve/CVE-2023-6204 https://bugzilla.redhat.com/ • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5758
https://notcve.org/view.php?id=CVE-2023-5758
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. Al abrir una página en modo lector, la URL de redireccionamiento podría haber provocado que se ejecutara un script controlado por el atacante en un ataque reflejado de Cross-Site Scripting (XSS). Esta vulnerabilidad afecta a Firefox para iOS < 119. • https://bugzilla.mozilla.org/show_bug.cgi?id=1850019 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5732 – Mozilla: Address bar spoofing via bidirectional characters
https://notcve.org/view.php?id=CVE-2023-5732
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un atacante podría haber creado un enlace malicioso utilizando caracteres bidireccionales para falsificar la ubicación en la barra de direcciones cuando se visita. Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. • https://bugzilla.mozilla.org/show_bug.cgi?id=1690979 https://bugzilla.mozilla.org/show_bug.cgi?id=1836962 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/a • CWE-450: Multiple Interpretations of UI Input •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5731
https://notcve.org/view.php?id=CVE-2023-5731
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119. Errores de seguridad de la memoria presentes en Firefox 118. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1690111%2C1721904%2C1851803%2C1854068 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-45 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5730 – Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
https://notcve.org/view.php?id=CVE-2023-5730
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Errores de seguridad de la memoria presentes en Firefox 118, Firefox ESR 115.3 y Thunderbird 115.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •