CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-1552 – Mozilla: Incorrect code generation on 32-bit ARM devices
https://notcve.org/view.php?id=CVE-2024-1552
20 Feb 2024 — Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. La generación incorrecta de código podría haber provocado conversiones numéricas inesperadas y un posible comportamiento indefinido.*Nota:* Este problema solo afecta a los dispositivos ARM de 32 bits. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874502 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1551 – Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
https://notcve.org/view.php?id=CVE-2024-1551
20 Feb 2024 — Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Los encabezados de respuesta Set-Cookie se respetaban incorrectamente en las respuestas HTTP de varias partes. Si un atacante pudiera co... • https://bugzilla.mozilla.org/show_bug.cgi?id=1864385 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1550 – Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
https://notcve.org/view.php?id=CVE-2024-1550
20 Feb 2024 — A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Un sitio web malicioso podría haber utilizado una combinación de salir del modo de pantalla completa y `requestPointerLock` para provocar que el mouse del... • https://bugzilla.mozilla.org/show_bug.cgi?id=1860065 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1549 – Mozilla: Custom cursor could obscure the permission dialog
https://notcve.org/view.php?id=CVE-2024-1549
20 Feb 2024 — If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Si un sitio web configura un cursor personalizado grande, partes del cursor podrían haberse superpuesto con el cuadro de diálogo de permisos, lo que podría generar confusión en el usuario y permisos concedidos inesperados. Esta vulnera... • https://bugzilla.mozilla.org/show_bug.cgi?id=1833814 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1548 – Mozilla: Fullscreen Notification could have been hidden by select element
https://notcve.org/view.php?id=CVE-2024-1548
20 Feb 2024 — A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Un sitio web podría haber oscurecido la notificación de pantalla completa mediante el uso de un elemento de entrada de selección desplegable. Esto podría haber generado confusión en los usuarios y posibles ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1832627 • CWE-449: The UI Performs the Wrong Action •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1547 – Mozilla: Alert dialog could have been spoofed on another site
https://notcve.org/view.php?id=CVE-2024-1547
20 Feb 2024 — Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. A través de una serie de llamadas API y redireccionamientos, se podría haber mostrado un cuadro de diálogo de alerta controlado por el atacante en otro sitio web (con la URL del sitio web de la víctima mostrada). Esta vulnerabilidad afecta a Firefox < 123,... • https://bugzilla.mozilla.org/show_bug.cgi?id=1877879 • CWE-449: The UI Performs the Wrong Action •
CVSS: 7.6EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1546 – Mozilla: Out-of-bounds memory read in networking channels
https://notcve.org/view.php?id=CVE-2024-1546
20 Feb 2024 — When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Al almacenar y volver a acceder a datos en un canal de red, es posible que se haya confundido la longitud de los bufferse, lo que resulta en una lectura de memoria fuera de los límites. Esta vulnerabilidad afecta a Firefox < 123, Firefox ESR < 115.8 y Thunderbird < ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1843752 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-46051
https://notcve.org/view.php?id=CVE-2023-46051
29 Jan 2024 — TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem. TeX Live 944e257 permite una desreferencia de puntero NULL en texk/web2c/pdftexdir/tounicode.c. NOTA: esto está en disputa porque debería categorizarse como un problema de usabilidad. • http://seclists.org/fulldisclosure/2024/Jan/68 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2023-46048
https://notcve.org/view.php?id=CVE-2023-46048
29 Jan 2024 — Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. Tex Live 944e257 tiene una desreferencia de puntero NULL en texk/web2c/pdftexdir/writet1.c. NOTA: esto está en disputa porque debería categorizarse como un problema de usabilidad. • http://seclists.org/fulldisclosure/2024/Jan/65 • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-45935
https://notcve.org/view.php?id=CVE-2023-45935
29 Jan 2024 — Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. Se descubrió que Qt 6 a 6.6 contenía una desreferencia de puntero NULL mediante la función QXcbConnection::initializeAllAtoms(). NOTA: esto está en disputa porque no se espera que una aplicación X continúe ejecutándose cuando hay ... • http://seclists.org/fulldisclosure/2024/Jan/61 • CWE-476: NULL Pointer Dereference •