CVE-2022-31737 – Mozilla: Heap buffer overflow in WebGL
https://notcve.org/view.php?id=CVE-2022-31737
This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. ... Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743767 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31737 https://bugzilla.redhat.com/show_bug.cgi?id=2092019 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2022-31747 – Mozilla: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
https://notcve.org/view.php?id=CVE-2022-31747
Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. ... This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. ... Pierron y Mozilla Fuzzing Team, informaron sobre errores de seguridad de la memoria presentes en Firefox 100 y Firefox ESR 91.9. ... Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10. ... Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31747 https://bugzilla.redhat.com/show_bug.cgi?id=2092026 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2022-29917 – Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
https://notcve.org/view.php?id=CVE-2022-29917
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. ... This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Los desarrolladores de Mozilla, Andrew McCreight, Gabriele Svelto, Tom Ritter y el equipo Mozilla Fuzzing, informaron sobre errores de seguridad de la memoria presentes en Firefox 99 y Firefox ESR 91.8. ... Esta vulnerabilidad afecta a Thunderbird < 91.9, Firefox ESR < 91.9 y Firefox < 100. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778 https://www.mozilla.org/security/advisories/mfsa2022-16 https://www.mozilla.org/security/advisories/mfsa2022-17 https://www.mozilla.org/security/advisories/mfsa2022-18 https://access.redhat.com/security/cve/CVE-2022-29917 https://bugzilla.redhat.com/show_bug.cgi?id=2081473 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2022-26384 – Mozilla: iframe allow-scripts sandbox bypass
https://notcve.org/view.php?id=CVE-2022-26384
This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. ... Esta vulnerabilidad afecta a Firefox < 98, Firefox ESR < 91,7 y Thunderbird < 91.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1744352 https://www.mozilla.org/security/advisories/mfsa2022-10 https://www.mozilla.org/security/advisories/mfsa2022-11 https://www.mozilla.org/security/advisories/mfsa2022-12 https://access.redhat.com/security/cve/CVE-2022-26384 https://bugzilla.redhat.com/show_bug.cgi?id=2062221 • CWE-179: Incorrect Behavior Order: Early Validation •
CVE-2022-26486 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-26486
This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. ... Esta vulnerabilidad afecta a Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox para Android < 97.3.0, Thunderbird < 91.6.2 y Focus < 97.3.0. ... An attacker with enough privileges could exploit this flaw leading to a complete system compromise Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1758070 https://www.mozilla.org/security/advisories/mfsa2022-09 https://access.redhat.com/security/cve/CVE-2022-26486 https://bugzilla.redhat.com/show_bug.cgi?id=2061735 • CWE-416: Use After Free •