CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32215 – Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
https://notcve.org/view.php?id=CVE-2023-32215
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32215 https://bugzilla.redhat.com/show_bug.cgi?id=2196753 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32205 – Mozilla: Browser prompts could have been obscured by popups
https://notcve.org/view.php?id=CVE-2023-32205
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 https://bugzilla.mozilla.org/show_bug.cgi?id=1753341 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32205 https://bugzilla.redhat.com/show_bug.cgi?id=2196736 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32212 – Mozilla: Potential spoof due to obscured address bar
https://notcve.org/view.php?id=CVE-2023-32212
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have positioned a `datalist` element to obscure the address bar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826622 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32212 https://bugzilla.redhat.com/show_bug.cgi?id=2196741 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0547 – Thunderbird: Revocation status of S/Mime recipient certificates was not checked
https://notcve.org/view.php?id=CVE-2023-0547
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811298 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-0547 https://bugzilla.redhat.com/show_bug.cgi?id=2186734 • CWE-295: Improper Certificate Validation CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1945 – Mozilla: Memory Corruption in Safe Browsing Code
https://notcve.org/view.php?id=CVE-2023-1945
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1777588 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-1945 https://bugzilla.redhat.com/show_bug.cgi?id=2186109 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •