CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2616 – Mozilla: Improve handling of out-of-memory conditions in ICU
https://notcve.org/view.php?id=CVE-2024-2616
19 Mar 2024 — To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. Para proteger a la UCI contra la explotación, el comportamiento de las condiciones de falta de memoria se cambió para que falle en lugar de intentar continuar. Esta vulnerabilidad afecta a Firefox ESR <115.9 y Thunderbird <115.9. The Mozilla Foundation Security Advisory describes this flaw as: To harde... • https://bugzilla.mozilla.org/show_bug.cgi?id=1846197 •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2614 – Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
https://notcve.org/view.php?id=CVE-2024-2614
19 Mar 2024 — Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Errores de seguridad de la memoria presentes en Firefox 123, Firefox ESR 115.8 y Thunderbird 115.8. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685358%2C1861016%2C1880405%2C1881093 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2612 – Mozilla: Self referencing object could have potentially led to a use-after-free
https://notcve.org/view.php?id=CVE-2024-2612
19 Mar 2024 — If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Si un atacante pudiera encontrar una manera de activar una ruta de código particular en `SafeRefPtr`, podría haber provocado un bloqueo o potencialmente aprovecharse para lograr la ejecución del código. Esta vulnerabilidad afecta a Firefox < 124, Fire... • https://bugzilla.mozilla.org/show_bug.cgi?id=1879444 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2611 – Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions
https://notcve.org/view.php?id=CVE-2024-2611
19 Mar 2024 — A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Una demora faltante en el momento en que se usó el bloqueo del puntero podría haber permitido que una página maliciosa engañara a un usuario para que otorgara permisos. Esta vulnerabilidad afecta a Firefox < 124, Firefox ESR < 115.9 y Thunderbird < 115.9. The Mozilla Foundation Security Ad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1876675 • CWE-449: The UI Performs the Wrong Action •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2610 – Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
https://notcve.org/view.php?id=CVE-2024-2610
19 Mar 2024 — Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Al utilizar una inyección de marcado, un atacante podría haber robado valores nonce. Esto podría haberse utilizado para eludir las estrictas políticas de seguridad de contenido. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2609 – Mozilla: Permission prompt input delay could expire when not in focus
https://notcve.org/view.php?id=CVE-2024-2609
19 Mar 2024 — The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. El retraso en la entrada del mensaje de permiso podría haber expirado mientras la ventana no estaba enfocada, lo que hizo que el mensaje fuera vulnerable al clickjacking por parte de sitios web maliciosos. Esta vulnerabilidad afecta a Firefox < 124. • https://bugzilla.mozilla.org/show_bug.cgi?id=1866100 • CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2608 – Mozilla: Integer overflow could have led to out of bounds write
https://notcve.org/view.php?id=CVE-2024-2608
19 Mar 2024 — `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` y `AppendEncodedCharacters()` podrían haber experimentado desbordamientos de enteros, lo que provocó una asignación insuficiente de un bú... • https://bugzilla.mozilla.org/show_bug.cgi?id=1880692 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0CVE-2024-2607 – Mozilla: JIT code failed to save return registers on Armv7-A
https://notcve.org/view.php?id=CVE-2024-2607
19 Mar 2024 — Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Se sobrescribieron los registros de retorno, lo que podría haber permitido a un atacante ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1879939 • CWE-123: Write-what-where Condition CWE-1262: Improper Access Control for Register Interface •
CVSS: 7.6EPSS: 0%CPEs: 26EXPL: 0CVE-2024-1936 – Mozilla: Leaking of encrypted email subjects to other conversations
https://notcve.org/view.php?id=CVE-2024-1936
04 Mar 2024 — The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the co... • https://bugzilla.mozilla.org/show_bug.cgi?id=1860977 • CWE-311: Missing Encryption of Sensitive Data CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1553 – Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
https://notcve.org/view.php?id=CVE-2024-1553
20 Feb 2024 — Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Errores de seguridad de la memoria presentes en Firefox 122, Firefox ESR 115.7 y Thunderbird 115.7. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •