CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23605 – Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
https://notcve.org/view.php?id=CVE-2023-23605
19 Jan 2023 — Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1764921%2C1802690%2C1806974 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4127 – Mozilla: Angle graphics library out of date
https://notcve.org/view.php?id=CVE-2021-4127
22 Dec 2022 — An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. Una librería de gráficos desactualizada (Angle) probablemente contenía vulnerabilidades que podrían explotarse. Esta vulnerabilidad afecta a Thunderbird < 78.9 y Firefox ESR < 78.9. The Mozilla Foundation Security Advisory describes this issue as: An out of date graphics library (Angle) likely contained vulnerabilities that ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1691547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46872 – Mozilla: Arbitrary file read from a compromised content process
https://notcve.org/view.php?id=CVE-2022-46872
13 Dec 2022 — An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.
*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipbo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1799156 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46874 – Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
https://notcve.org/view.php?id=CVE-2022-46874
13 Dec 2022 — A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.
*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and... • https://bugzilla.mozilla.org/show_bug.cgi?id=1746139 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-222: Truncation of Security-relevant Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46875 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2022-46875
13 Dec 2022 — The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46878 – Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
https://notcve.org/view.php?id=CVE-2022-46878
13 Dec 2022 — Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Randell Jesup, Valentin Gosu, Oll... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1782219%2C1797370%2C1797685%2C1801102%2C1801315%2C1802395 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46880 – Mozilla: Use-after-free in WebGL
https://notcve.org/view.php?id=CVE-2022-46880
13 Dec 2022 — A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.
*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: A missing check related to tex units could have led to a use-after-free and pot... • https://bugzilla.mozilla.org/show_bug.cgi?id=1749292 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46881 – Mozilla: Memory corruption in WebGL
https://notcve.org/view.php?id=CVE-2022-46881
13 Dec 2022 — An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6. Una optimización en WebGL era incorrecta en algunos casos, y podría haber provocado daños en la memoria y un bloqueo potencia... • https://bugzilla.mozilla.org/show_bug.cgi?id=1770930 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46882 – Mozilla: Use-after-free in WebGL
https://notcve.org/view.php?id=CVE-2022-46882
13 Dec 2022 — A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free in WebGL extensions could have led to a potentially exploitable crash. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit t... • https://bugzilla.mozilla.org/show_bug.cgi?id=1789371 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45403 – Mozilla: Service Workers might have learned size of cross-origin media files
https://notcve.org/view.php?id=CVE-2022-45403
17 Nov 2022 — Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Los trabajadores de servicios no deberían poder inferir información sobre respuestas opacas de origen cruzado; pero la información de tiempo para medios de distintos orígenes comb... • https://bugzilla.mozilla.org/show_bug.cgi?id=1762078 • CWE-203: Observable Discrepancy CWE-829: Inclusion of Functionality from Untrusted Control Sphere •