CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-3863
https://notcve.org/view.php?id=CVE-2024-3863
16 Apr 2024 — The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. La advertencia del archivo ejecutable no se presentó al descargar archivos .xrm-ms. *Nota: Este problema solo afectó a los sistemas operativos Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1885855 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3861 – Mozilla: Potential use-after-free due to AlignedBuffer self-move
https://notcve.org/view.php?id=CVE-2024-3861
16 Apr 2024 — If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Si se asignara un AlignedBuffer a sí mismo, el movimiento automático posterior podría dar como resultado un recuento de referencias incorrecto y, posteriormente, un use-after-free. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Secu... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883158 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-3859 – Mozilla: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
https://notcve.org/view.php?id=CVE-2024-3859
16 Apr 2024 — On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. En las versiones de 32 bits había desbordamientos de enteros que conducían a una lectura fuera de los límites que potencialmente podría ser provocada por una fuente OpenType con formato incorrecto. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The... • https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3857 – Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
https://notcve.org/view.php?id=CVE-2024-3857
16 Apr 2024 — The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. El JIT creó código incorrecto para los argumentos en ciertos casos. Esto provocó posibles fallos de use-after-free durante la recolección de basura. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886683 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3854 – Mozilla: Out-of-bounds-read after mis-optimized switch statement
https://notcve.org/view.php?id=CVE-2024-3854
16 Apr 2024 — In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. En algunos patrones de código, el JIT optimizó incorrectamente las declaraciones de cambio y generó código con lecturas fuera de los límites. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the J... • https://bugzilla.mozilla.org/show_bug.cgi?id=1884552 • CWE-125: Out-of-bounds Read •
CVSS: 7.6EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3852 – Mozilla: GetBoundName in the JIT returned the wrong object
https://notcve.org/view.php?id=CVE-2024-3852
16 Apr 2024 — GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. GetBoundName podría devolver la versión incorrecta de un objeto cuando se aplicaron optimizaciones JIT. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883542 • CWE-386: Symbolic Name not Mapping to Correct Object CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2024-29944 – Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-29944
22 Mar 2024 — An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. Un atacante pudo inyectar un controlador de eventos en un objeto privilegiado que permitiría la ejecución arbitraria de JavaScript en el proceso principal. Nota: Esta vulnerabilidad afecta única... • http://www.openwall.com/lists/oss-security/2024/03/23/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-830: Inclusion of Web Functionality from an Untrusted Source •
CVSS: 10.0EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2616 – Mozilla: Improve handling of out-of-memory conditions in ICU
https://notcve.org/view.php?id=CVE-2024-2616
19 Mar 2024 — To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. Para proteger a la UCI contra la explotación, el comportamiento de las condiciones de falta de memoria se cambió para que falle en lugar de intentar continuar. Esta vulnerabilidad afecta a Firefox ESR <115.9 y Thunderbird <115.9. The Mozilla Foundation Security Advisory describes this flaw as: To harde... • https://bugzilla.mozilla.org/show_bug.cgi?id=1846197 •
CVSS: 10.0EPSS: 1%CPEs: 35EXPL: 0CVE-2024-2614 – Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
https://notcve.org/view.php?id=CVE-2024-2614
19 Mar 2024 — Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Errores de seguridad de la memoria presentes en Firefox 123, Firefox ESR 115.8 y Thunderbird 115.8. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685358%2C1861016%2C1880405%2C1881093 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 1%CPEs: 35EXPL: 0CVE-2024-2612 – Mozilla: Self referencing object could have potentially led to a use-after-free
https://notcve.org/view.php?id=CVE-2024-2612
19 Mar 2024 — If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Si un atacante pudiera encontrar una manera de activar una ruta de código particular en `SafeRefPtr`, podría haber provocado un bloqueo o potencialmente aprovecharse para lograr la ejecución del código. Esta vulnerabilidad afecta a Firefox < 124, Fire... • https://bugzilla.mozilla.org/show_bug.cgi?id=1879444 • CWE-416: Use After Free •