CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40956 – Mozilla: Content-Security-Policy base-uri bypass
https://notcve.org/view.php?id=CVE-2022-40956
26 Sep 2022 — When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Al inyectar un elemento base HTML, algunas solicitudes ignorarían la configuración de uri base del CSP y aceptarían la base del elemento inyectado. Esta vulnerabilidad afecta a Firefox ESR < 102.3, Thunderbird < 102.3 y Firefox < 105. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40962 – Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
https://notcve.org/view.php?id=CVE-2022-40962
26 Sep 2022 — Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Los desarrolladores de Mozilla, Nika Layzell, Timothy Nikkel, Sebastian Hengst,... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1776655%2C1777574%2C1784835%2C1785109%2C1786502%2C1789440 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40957 – Mozilla: Incoherent instruction cache when building WASM on ARM64
https://notcve.org/view.php?id=CVE-2022-40957
26 Sep 2022 — Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Los datos inconsistentes en las instrucciones y en el caché de datos al crear código wasm podrían provocar un fallo potencialmente explotable.<br>*Este error solo afecta a Firefox en plataformas ARM64.*. • https://bugzilla.mozilla.org/show_bug.cgi?id=1777604 • CWE-240: Improper Handling of Inconsistent Structural Elements •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36314 – SUSE Security Advisory - SUSE-SU-2022:3396-1
https://notcve.org/view.php?id=CVE-2022-36314
15 Sep 2022 — When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Al abrir un acceso directo de Windows desde el sistema de archivos local, un atacante podría proporcionar una ruta remota que generaría solicitudes de red inesperad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-38478 – Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13
https://notcve.org/view.php?id=CVE-2022-38478
25 Aug 2022 — Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Los miembros del equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes e... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38476 – Mozilla: Data race and potential use-after-free in PK11_ChangePW
https://notcve.org/view.php?id=CVE-2022-38476
25 Aug 2022 — A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2. Podría producirse una carrera de datos en la función PK11_ChangePW, lo que podría provocar una vulnerabilidad de use-after-free. En Firefox, este bloqueo protegía los datos cuando un usuario cambiaba su contraseña maestr... • https://bugzilla.mozilla.org/show_bug.cgi?id=1760998 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-38473 – Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions
https://notcve.org/view.php?id=CVE-2022-38473
25 Aug 2022 — A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Un iframe de origen cruzado que haga referencia a un documento XSLT heredaría los permisos del dominio principal (como el acceso al micrófono o la cámara). Esta vulnerabilidad afecta a Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR &... • https://bugzilla.mozilla.org/show_bug.cgi?id=1771685 • CWE-281: Improper Preservation of Permissions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38477 – Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
https://notcve.org/view.php?id=CVE-2022-38477
25 Aug 2022 — Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104. La desarrolladora de Mozilla, Nika Layzell, y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en F... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2021-4129 – Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
https://notcve.org/view.php?id=CVE-2021-4129
10 Aug 2022 — Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. Los desarrolladores de Mozilla y miembros de la comunidad Julian Hector, Ra... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2505 – Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
https://notcve.org/view.php?id=CVE-2022-2505
29 Jul 2022 — Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Los desarrolladores de Mozilla y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 102. Algunos de estos errores mostraron ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1769739%2C1772824 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •