CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29533 – Mozilla: Fullscreen notification obscured
https://notcve.org/view.php?id=CVE-2023-29533
12 Apr 2023 — A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured t... • https://bugzilla.mozilla.org/show_bug.cgi?id=1798219 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29535 – Mozilla: Potential Memory Corruption following Garbage Collector compaction
https://notcve.org/view.php?id=CVE-2023-29535
12 Apr 2023 — Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted... • https://bugzilla.mozilla.org/show_bug.cgi?id=1820543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29536 – Mozilla: Invalid free from JavaScript code
https://notcve.org/view.php?id=CVE-2023-29536
12 Apr 2023 — An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled... • https://bugzilla.mozilla.org/show_bug.cgi?id=1821959 • CWE-416: Use After Free CWE-617: Reachable Assertion •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29538 – Ubuntu Security Notice USN-6010-2
https://notcve.org/view.php?id=CVE-2023-29538
12 Apr 2023 — Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1685403 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29539 – Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-29539
12 Apr 2023 — When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Dis... • https://bugzilla.mozilla.org/show_bug.cgi?id=1784348 • CWE-159: Improper Handling of Invalid Use of Special Elements CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29540 – Ubuntu Security Notice USN-6010-2
https://notcve.org/view.php?id=CVE-2023-29540
12 Apr 2023 — Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. • https://bugzilla.mozilla.org/show_bug.cgi?id=1790542 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29541 – Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
https://notcve.org/view.php?id=CVE-2023-29541
12 Apr 2023 — Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands.
*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory d... • https://bugzilla.mozilla.org/show_bug.cgi?id=1810191 • CWE-116: Improper Encoding or Escaping of Output CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29543 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29543
12 Apr 2023 — An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1816158 • CWE-116: Improper Encoding or Escaping of Output CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29548 – Mozilla: Incorrect optimization result on ARM64
https://notcve.org/view.php?id=CVE-2023-29548
12 Apr 2023 — A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several... • https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 • CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29549 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29549
12 Apr 2023 — Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensiti... • https://bugzilla.mozilla.org/show_bug.cgi?id=1823042 • CWE-326: Inadequate Encryption Strength •