CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38477 – Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
https://notcve.org/view.php?id=CVE-2022-38477
25 Aug 2022 — Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104. La desarrolladora de Mozilla, Nika Layzell, y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en F... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38472 – Mozilla: Address bar spoofing via XSLT error handling
https://notcve.org/view.php?id=CVE-2022-38472
25 Aug 2022 — An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Un atacante podría haber abusado del manejo de errores XSLT para asociar contenido controlado por el atacante con otro origen que se m... • https://bugzilla.mozilla.org/show_bug.cgi?id=1769155 • CWE-346: Origin Validation Error CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-38478 – Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13
https://notcve.org/view.php?id=CVE-2022-38478
25 Aug 2022 — Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Los miembros del equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes e... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-38473 – Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions
https://notcve.org/view.php?id=CVE-2022-38473
25 Aug 2022 — A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Un iframe de origen cruzado que haga referencia a un documento XSLT heredaría los permisos del dominio principal (como el acceso al micrófono o la cámara). Esta vulnerabilidad afecta a Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR &... • https://bugzilla.mozilla.org/show_bug.cgi?id=1771685 • CWE-281: Improper Preservation of Permissions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38476 – Mozilla: Data race and potential use-after-free in PK11_ChangePW
https://notcve.org/view.php?id=CVE-2022-38476
25 Aug 2022 — A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2. Podría producirse una carrera de datos en la función PK11_ChangePW, lo que podría provocar una vulnerabilidad de use-after-free. En Firefox, este bloqueo protegía los datos cuando un usuario cambiaba su contraseña maestr... • https://bugzilla.mozilla.org/show_bug.cgi?id=1760998 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2021-4129 – Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
https://notcve.org/view.php?id=CVE-2021-4129
10 Aug 2022 — Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. Los desarrolladores de Mozilla y miembros de la comunidad Julian Hector, Ra... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34478 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34478
10 Aug 2022 — The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.
*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnera... • https://bugzilla.mozilla.org/show_bug.cgi?id=1773717 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2505 – Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
https://notcve.org/view.php?id=CVE-2022-2505
29 Jul 2022 — Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Los desarrolladores de Mozilla y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 102. Algunos de estos errores mostraron ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1769739%2C1772824 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36319 – Mozilla: Mouse Position spoofing with CSS transforms
https://notcve.org/view.php?id=CVE-2022-36319
28 Jul 2022 — When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. Al combinar propiedades CSS para desbordamiento y transformación, el cursor del mouse podría interactuar con coordenadas diferentes a las mostradas. Esta vulnerabilidad afecta a Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thund... • https://bugzilla.mozilla.org/show_bug.cgi?id=1737722 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36318 – Mozilla: Directory indexes for bundled resources reflected URL parameters
https://notcve.org/view.php?id=CVE-2022-36318
28 Jul 2022 — When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. Al visitar listados de directorios para URL `chrome://` como texto fuente, se reflejaron algunos parámetros. Esta vulnerabilidad afecta a Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird< 102.1 y Thunderbird < 91.12. A flaw was found in Mozilla.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1771774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •