
CVE-2023-32207 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2023-32207
11 May 2023 — This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. ... USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. ... Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826116 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-290: Authentication Bypass by Spoofing •

CVE-2023-32213 – Mozilla: Potential memory corruption in FileReader::DoReadData()
https://notcve.org/view.php?id=CVE-2023-32213
11 May 2023 — This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. ... USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. ... Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826666 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •

CVE-2023-32215 – Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
https://notcve.org/view.php?id=CVE-2023-32215
11 May 2023 — Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. ... This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. ... Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not proper... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVE-2023-29550 – Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
https://notcve.org/view.php?id=CVE-2023-29550
13 Apr 2023 — Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. ... This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-29536 – Mozilla: Invalid free from JavaScript code
https://notcve.org/view.php?id=CVE-2023-29536
12 Apr 2023 — This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. ... USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. ... Ameen Basha M K discovered that Firefox did not properly ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1821959 • CWE-416: Use After Free CWE-617: Reachable Assertion •

CVE-2023-29539 – Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-29539
12 Apr 2023 — This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. ... USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. ... Ameen Basha M K discovered that Firefox did not properly ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1784348 • CWE-159: Improper Handling of Invalid Use of Special Elements CWE-476: NULL Pointer Dereference •

CVE-2023-29541 – Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
https://notcve.org/view.php?id=CVE-2023-29541
12 Apr 2023 — This bug only affects Firefox for Linux on certain Distributions. ... This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. ... Multiple security issues were discovered in Firefox. ... Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. • https://bugzilla.mozilla.org/show_bug.cgi?id=1810191 • CWE-116: Improper Encoding or Escaping of Output CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-29543 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29543
12 Apr 2023 — This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. • https://bugzilla.mozilla.org/show_bug.cgi?id=1816158 • CWE-116: Improper Encoding or Escaping of Output CWE-416: Use After Free •

CVE-2023-29008 – SvelteKit framework has Insufficient CSRF protection for CORS requests
https://notcve.org/view.php?id=CVE-2023-29008
06 Apr 2023 — This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. • https://github.com/sveltejs/kit/commit/ba436c6685e751d968a960fbda65f24cf7a82e9f • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2023-28161 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-28161
16 Mar 2023 — This vulnerability affects Firefox < 111. USN-5954-1 fixed vulnerabilities in Firefox. ... Multiple security issues were discovered in Firefox. ... Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. ... Luan Herrera discovered that Firefox did not properly manage cross-origin iframe when dragging a URL. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811181 • CWE-281: Improper Preservation of Permissions •