CVSS: 5.1EPSS: 0%CPEs: 17EXPL: 0CVE-2024-3863
https://notcve.org/view.php?id=CVE-2024-3863
16 Apr 2024 — The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. La advertencia del archivo ejecutable no se presentó al descargar archivos .xrm-ms. *Nota: Este problema solo afectó a los sistemas operativos Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1885855 •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3861 – Mozilla: Potential use-after-free due to AlignedBuffer self-move
https://notcve.org/view.php?id=CVE-2024-3861
16 Apr 2024 — If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Si se asignara un AlignedBuffer a sí mismo, el movimiento automático posterior podría dar como resultado un recuento de referencias incorrecto y, posteriormente, un use-after-free. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Secu... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883158 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-3859 – Mozilla: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
https://notcve.org/view.php?id=CVE-2024-3859
16 Apr 2024 — On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. En las versiones de 32 bits había desbordamientos de enteros que conducían a una lectura fuera de los límites que potencialmente podría ser provocada por una fuente OpenType con formato incorrecto. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The... • https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3857 – Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
https://notcve.org/view.php?id=CVE-2024-3857
16 Apr 2024 — The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. El JIT creó código incorrecto para los argumentos en ciertos casos. Esto provocó posibles fallos de use-after-free durante la recolección de basura. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886683 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3854 – Mozilla: Out-of-bounds-read after mis-optimized switch statement
https://notcve.org/view.php?id=CVE-2024-3854
16 Apr 2024 — In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. En algunos patrones de código, el JIT optimizó incorrectamente las declaraciones de cambio y generó código con lecturas fuera de los límites. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the J... • https://bugzilla.mozilla.org/show_bug.cgi?id=1884552 • CWE-125: Out-of-bounds Read •
CVSS: 7.6EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3852 – Mozilla: GetBoundName in the JIT returned the wrong object
https://notcve.org/view.php?id=CVE-2024-3852
16 Apr 2024 — GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. GetBoundName podría devolver la versión incorrecta de un objeto cuando se aplicaron optimizaciones JIT. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883542 • CWE-386: Symbolic Name not Mapping to Correct Object CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2024-30203 – emacs: Gnus treats inline MIME contents as trusted
https://notcve.org/view.php?id=CVE-2024-30203
25 Mar 2024 — In Emacs before 29.3, Gnus treats inline MIME contents as trusted. En Emacs anterior a 29.3, Gnus trata el contenido MIME en línea como confiable. A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. • http://www.openwall.com/lists/oss-security/2024/03/25/2 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2024-30204 – emacs: LaTeX preview is enabled by default for e-mail attachments
https://notcve.org/view.php?id=CVE-2024-30204
25 Mar 2024 — In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. En Emacs anterior a 29.3, la vista previa de LaTeX está habilitada de forma predeterminada para los archivos adjuntos de correo electrónico. A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. • http://www.openwall.com/lists/oss-security/2024/03/25/2 • CWE-276: Incorrect Default Permissions CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-30205 – emacs: Org mode considers contents of remote files to be trusted
https://notcve.org/view.php?id=CVE-2024-30205
25 Mar 2024 — In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. En Emacs anterior a 29.3, el modo Org considera que el contenido de los archivos remotos es confiable. Esto afecta al modo de organización anterior a la versión 9.6.23. A flaw was found in Emacs. • http://www.openwall.com/lists/oss-security/2024/03/25/2 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data CWE-494: Download of Code Without Integrity Check •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-30161
https://notcve.org/view.php?id=CVE-2024-30161
24 Mar 2024 — In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.) En Qt anterior a 6.5.6 y 6.6.x anterior a 6.6.3, el componente wasm puede acceder a los datos del encabezado QNetworkReply a través de un puntero colgante. • https://codereview.qt-project.org/c/qt/qtbase/+/544314 •