CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2023-28746 – kernel: Local information disclosure on Intel(R) Atom(R) processors
https://notcve.org/view.php?id=CVE-2023-28746
14 Mar 2024 — Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de la información a través del estado de la microarquitectura después de la ejecución transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgación de info... • http://www.openwall.com/lists/oss-security/2024/03/12/13 • CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2024-25081 – fontforge: command injection via crafted filenames
https://notcve.org/view.php?id=CVE-2024-25081
26 Feb 2024 — Splinefont in FontForge through 20230101 allows command injection via crafted filenames. Splinefont en FontForge hasta 20230101 permite la inyección de comandos mediante nombres de archivos manipulados. • http://www.openwall.com/lists/oss-security/2024/03/08/2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2024-25082 – fontforge: command injection via crafted archives or compressed files
https://notcve.org/view.php?id=CVE-2024-25082
26 Feb 2024 — Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. Splinefont en FontForge hasta 20230101 permite la inyección de comandos a través de archivos creados o comprimidos. • http://www.openwall.com/lists/oss-security/2024/03/08/2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1553 – Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
https://notcve.org/view.php?id=CVE-2024-1553
20 Feb 2024 — Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Errores de seguridad de la memoria presentes en Firefox 122, Firefox ESR 115.7 y Thunderbird 115.7. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-1552 – Mozilla: Incorrect code generation on 32-bit ARM devices
https://notcve.org/view.php?id=CVE-2024-1552
20 Feb 2024 — Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. La generación incorrecta de código podría haber provocado conversiones numéricas inesperadas y un posible comportamiento indefinido.*Nota:* Este problema solo afecta a los dispositivos ARM de 32 bits. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874502 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1551 – Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
https://notcve.org/view.php?id=CVE-2024-1551
20 Feb 2024 — Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Los encabezados de respuesta Set-Cookie se respetaban incorrectamente en las respuestas HTTP de varias partes. Si un atacante pudiera co... • https://bugzilla.mozilla.org/show_bug.cgi?id=1864385 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1550 – Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
https://notcve.org/view.php?id=CVE-2024-1550
20 Feb 2024 — A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Un sitio web malicioso podría haber utilizado una combinación de salir del modo de pantalla completa y `requestPointerLock` para provocar que el mouse del... • https://bugzilla.mozilla.org/show_bug.cgi?id=1860065 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1549 – Mozilla: Custom cursor could obscure the permission dialog
https://notcve.org/view.php?id=CVE-2024-1549
20 Feb 2024 — If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Si un sitio web configura un cursor personalizado grande, partes del cursor podrían haberse superpuesto con el cuadro de diálogo de permisos, lo que podría generar confusión en el usuario y permisos concedidos inesperados. Esta vulnera... • https://bugzilla.mozilla.org/show_bug.cgi?id=1833814 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1548 – Mozilla: Fullscreen Notification could have been hidden by select element
https://notcve.org/view.php?id=CVE-2024-1548
20 Feb 2024 — A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Un sitio web podría haber oscurecido la notificación de pantalla completa mediante el uso de un elemento de entrada de selección desplegable. Esto podría haber generado confusión en los usuarios y posibles ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1832627 • CWE-449: The UI Performs the Wrong Action •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-1547 – Mozilla: Alert dialog could have been spoofed on another site
https://notcve.org/view.php?id=CVE-2024-1547
20 Feb 2024 — Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. A través de una serie de llamadas API y redireccionamientos, se podría haber mostrado un cuadro de diálogo de alerta controlado por el atacante en otro sitio web (con la URL del sitio web de la víctima mostrada). Esta vulnerabilidad afecta a Firefox < 123,... • https://bugzilla.mozilla.org/show_bug.cgi?id=1877879 • CWE-449: The UI Performs the Wrong Action •