
CVE-2024-1549 – Mozilla: Custom cursor could obscure the permission dialog
https://notcve.org/view.php?id=CVE-2024-1549
20 Feb 2024 — If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpectedly granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1833814 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2024-1548 – Mozilla: Fullscreen Notification could have been hidden by select element
https://notcve.org/view.php?id=CVE-2024-1548
20 Feb 2024 — A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1832627 • CWE-449: The UI Performs the Wrong Action

CVE-2024-1547 – Mozilla: Alert dialog could have been spoofed on another site
https://notcve.org/view.php?id=CVE-2024-1547
20 Feb 2024 — Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1877879 • CWE-290: Authentication Bypass by Spoofing; CWE-449: The UI Performs the Wrong Action

CVE-2024-1546 – Mozilla: Out-of-bounds memory read in networking channels
https://notcve.org/view.php?id=CVE-2024-1546
20 Feb 2024 — When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843752 • CWE-125: Out-of-bounds Read

CVE-2024-0755 – Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
https://notcve.org/view.php?id=CVE-2024-0755
23 Jan 2024 — Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701 • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-0753 – Mozilla: HSTS policy on subdomain could bypass policy of upper domain
https://notcve.org/view.php?id=CVE-2024-0753
23 Jan 2024 — In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. • https://bugzilla.mozilla.org/show_bug.cgi?id=1870262 • CWE-326: Inadequate Encryption Strength

CVE-2024-0751 – Mozilla: Privilege escalation through devtools
https://notcve.org/view.php?id=CVE-2024-0751
23 Jan 2024 — A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1865689 • CWE-20: Improper Input Validation; CWE-269: Improper Privilege Management

CVE-2024-0750 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2024-0750
23 Jan 2024 — A bug in the popup notification delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863083 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2024-0749 – Mozilla: Phishing site popup could show local origin in address bar
https://notcve.org/view.php?id=CVE-2024-0749
23 Jan 2024 — A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1813463 • CWE-346: Origin Validation Error; CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2024-0747 – Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
https://notcve.org/view.php?id=CVE-2024-0747
23 Jan 2024 — When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1764343 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames