Page 13 of 784 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1837675 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-24 https://access.redhat.com/security • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-1127: Compilation with Insufficient Warnings or Errors •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1816287 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-24 https://access.redhat.com/security • CWE-290: Authentication Bypass by Spoofing CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. • https://bugzilla.mozilla.org/show_bug.cgi?id=1834711 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-24 https://access.redhat.com/security • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826002 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-24 https://access.redhat.com/security • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823077 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 •