CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23600 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2023-23600
03 May 2023 — Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 109. • https://bugzilla.mozilla.org/show_bug.cgi?id=1787034 •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29550 – Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
https://notcve.org/view.php?id=CVE-2023-29550
13 Apr 2023 — Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozi... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29543 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29543
12 Apr 2023 — An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1816158 • CWE-116: Improper Encoding or Escaping of Output CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29549 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29549
12 Apr 2023 — Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensiti... • https://bugzilla.mozilla.org/show_bug.cgi?id=1823042 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29548 – Mozilla: Incorrect optimization result on ARM64
https://notcve.org/view.php?id=CVE-2023-29548
12 Apr 2023 — A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several... • https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 • CWE-682: Incorrect Calculation •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29540 – Ubuntu Security Notice USN-6010-2
https://notcve.org/view.php?id=CVE-2023-29540
12 Apr 2023 — Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. • https://bugzilla.mozilla.org/show_bug.cgi?id=1790542 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29538 – Ubuntu Security Notice USN-6010-2
https://notcve.org/view.php?id=CVE-2023-29538
12 Apr 2023 — Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1685403 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29533 – Mozilla: Fullscreen notification obscured
https://notcve.org/view.php?id=CVE-2023-29533
12 Apr 2023 — A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured t... • https://bugzilla.mozilla.org/show_bug.cgi?id=1798219 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29535 – Mozilla: Potential Memory Corruption following Garbage Collector compaction
https://notcve.org/view.php?id=CVE-2023-29535
12 Apr 2023 — Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted... • https://bugzilla.mozilla.org/show_bug.cgi?id=1820543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29536 – Mozilla: Invalid free from JavaScript code
https://notcve.org/view.php?id=CVE-2023-29536
12 Apr 2023 — An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled... • https://bugzilla.mozilla.org/show_bug.cgi?id=1821959 • CWE-416: Use After Free CWE-617: Reachable Assertion •