CVE-2023-29547
https://notcve.org/view.php?id=CVE-2023-29547
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1783536 https://www.mozilla.org/security/advisories/mfsa2023-13 •
CVE-2023-25734
https://notcve.org/view.php?id=CVE-2023-25734
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784451 https://bugzilla.mozilla.org/show_bug.cgi?id=1809923 https://bugzilla.mozilla.org/show_bug.cgi?id=1810143 https://bugzilla.mozilla.org/show_bug.cgi?id=1812338 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 •
CVE-2023-25738
https://notcve.org/view.php?id=CVE-2023-25738
Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811852 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 • CWE-125: Out-of-bounds Read •
CVE-2023-32205 – Mozilla: Browser prompts could have been obscured by popups
https://notcve.org/view.php?id=CVE-2023-32205
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 https://bugzilla.mozilla.org/show_bug.cgi?id=1753341 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32205 https://bugzilla.redhat.com/show_bug.cgi?id=2196736 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVE-2023-32206 – Mozilla: Crash in RLBox Expat driver
https://notcve.org/view.php?id=CVE-2023-32206
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. • https://bugzilla.mozilla.org/show_bug.cgi?id=1824892 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32206 https://bugzilla.redhat.com/show_bug.cgi?id=2196737 • CWE-125: Out-of-bounds Read •