CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5693 – Mozilla: Cross-Origin Image leak via Offscreen Canvas
https://notcve.org/view.php?id=CVE-2024-5693
11 Jun 2024 — Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Offscreen Canvas no realizó un seguimiento adecuado de la contaminación de origen cruzado, que podría usarse para acceder a datos de imágenes de otro sitio en violación de la política del mismo origen. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR &l... • https://bugzilla.mozilla.org/show_bug.cgi?id=1891319 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-5692
https://notcve.org/view.php?id=CVE-2024-5692
11 Jun 2024 — On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. En Windows, al utilizar la función "Guardar como", un atacante podría haber engañado al navegador para que g... • https://bugzilla.mozilla.org/show_bug.cgi?id=1891234 •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5691 – Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
https://notcve.org/view.php?id=CVE-2024-5691
11 Jun 2024 — By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al engañar al navegador con un encabezado `X-Frame-Options`, un iframe en espacio aislado podría haber presentado un botón que, si un usuario hiciera clic en él, evitaría las restricciones para abrir una nueva ventana. Esta vulnerabilidad a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1888695 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-5690 – Mozilla: External protocol handlers leaked by timing attack
https://notcve.org/view.php?id=CVE-2024-5690
11 Jun 2024 — By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al monitorear el tiempo que toman ciertas operaciones, un atacante podría haber adivinado qué controladores de protocolos externos eran funcionales en el sistema de un usuario. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation S... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883693 • CWE-385: Covert Timing Channel •
CVSS: 8.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5688 – Mozilla: Use-after-free in JavaScript object transplant
https://notcve.org/view.php?id=CVE-2024-5688
11 Jun 2024 — If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Si se activó una recolección de basura en el momento adecuado, podría haberse producido un use-after-free durante el trasplante de objetos. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895086 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5702 – Mozilla: Use-after-free in networking
https://notcve.org/view.php?id=CVE-2024-5702
11 Jun 2024 — Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. La corrupción de la memoria en la pila de red podría haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1193389 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4778 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-4778
14 May 2024 — Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126. Errores de seguridad de la memoria presentes en Firefox 125. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1838834%2C1889291%2C1889595%2C1890204%2C1891545 • CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4776 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-4776
14 May 2024 — A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126. Un cuadro de diálogo de archivo mostrado en modo de pantalla completa podría haber provocado que la ventana permaneciera deshabilitada. Esta vulnerabilidad afecta a Firefox < 126. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1887343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4775 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-4775
14 May 2024 — An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126. Faltaba una condición de detención del iterador al manejar el código WASM en el generador de perfiles integrado, lo que podría provocar un acceso no válido a la memoria y un comportamiento indefinido. *Nota:* Este problema solo afecta... • https://bugzilla.mozilla.org/show_bug.cgi?id=1887332 • CWE-431: Missing Handler •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4774 – Gentoo Linux Security Advisory 202408-02
https://notcve.org/view.php?id=CVE-2024-4774
14 May 2024 — The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126. El código `ShmemCharMapHashEntry()` era susceptible a un comportamiento potencialmente indefinido al omitir la semántica de movimiento de uno de sus miembros de datos. Esta vulnerabilidad afecta a Firefox < 126. USN-6779-1 fixed vulnerabilities in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886598 •