CVE-2022-22759 – Mozilla: Sandboxed iframes could have executed script if the parent appended elements
https://notcve.org/view.php?id=CVE-2022-22759
This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. ... Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1739957 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22759 https://bugzilla.redhat.com/show_bug.cgi?id=2053242 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2021-4140 – Mozilla: Iframe sandbox bypass with XSLT
https://notcve.org/view.php?id=CVE-2021-4140
This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. ... Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1746720 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2021-4140 https://bugzilla.redhat.com/show_bug.cgi?id=2039568 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2021-43527 – nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
https://notcve.org/view.php?id=CVE-2021-43527
*Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. ... *Nota: Esta vulnerabilidad NO afecta a Mozilla Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM https://security.gentoo.org/glsa/202212-05 https://security.netapp.com/advisory/ntap-20211229-0002 https://www.mozilla.org/security/advisories/mfsa2021-51 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.starwindsoftw • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2021-38503 – Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
https://notcve.org/view.php?id=CVE-2021-38503
This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 94, Thunderbird versiones anteriores a 91.3 y Firefox ESR versiones anteriores a 91.3 The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. • https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •
CVE-2021-29971
https://notcve.org/view.php?id=CVE-2021-29971
*This bug only affects Firefox for Android. ... This vulnerability affects Firefox < 90. ... *Este bug sólo afecta a Firefox para Android. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 90 • https://bugzilla.mozilla.org/show_bug.cgi?id=1713638 https://www.mozilla.org/security/advisories/mfsa2021-28 • CWE-281: Improper Preservation of Permissions •