CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1802 – Mozilla Firefox Top-Level Await Prototype Pollution Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-1802
This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. ... Esta vulnerabilidad afecta a Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox para Android < 100.3.0 y Thunderbird < 91.9.1. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. • https://github.com/mistymntncop/CVE-2022-1802 https://bugzilla.mozilla.org/show_bug.cgi?id=1770137 https://www.mozilla.org/security/advisories/mfsa2022-19 https://access.redhat.com/security/cve/CVE-2022-1802 https://bugzilla.redhat.com/show_bug.cgi?id=2089217 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1529 – Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-1529
This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. ... Esta vulnerabilidad afecta a Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox para Android < 100.3.0 y Thunderbird < 91.9.1. ... This vulnerability allows local attackers to escape the sandbox on affected installations of Mozilla Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 https://www.mozilla.org/security/advisories/mfsa2022-19 https://access.redhat.com/security/cve/CVE-2022-1529 https://bugzilla.redhat.com/show_bug.cgi?id=2089218 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29955
https://notcve.org/view.php?id=CVE-2021-29955
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. Una vulnerabilidad de ejecución transitoria, denominada Floating Point Value Injection (FPVI) permitía a un atacante filtrar direcciones de memoria arbitrarias y también podría haber permitido ataques de confusión de tipo JIT. ... Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.9 y Firefox versiones anteriores a 87 • https://bugzilla.mozilla.org/show_bug.cgi?id=1692972 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23954 – Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements
https://notcve.org/view.php?id=CVE-2021-23954
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Usando los nuevos operadores de asignación lógica en una declaración de cambio de JavaScript podría haber causado una confusión de tipos, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 85, Thunderbird versiones anteriores a 78,7 y Firefox ESR versiones anteriores a 78,7 The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1684020 https://www.mozilla.org/security/advisories/mfsa2021-03 https://www.mozilla.org/security/advisories/mfsa2021-04 https://www.mozilla.org/security/advisories/mfsa2021-05 https://access.redhat.com/security/cve/CVE-2021-23954 https://bugzilla.redhat.com/show_bug.cgi?id=1920648 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15656 – Mozilla: Type confusion for special arguments in IonMonkey
https://notcve.org/view.php?id=CVE-2020-15656
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. ... Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.1, Firefox versiones anteriores a 79 y Thunderbird versiones anteriores a 78.1 • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1647293 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 https://access.redhat.com/security/cve/CVE-2020-15656 https://bugzilla.redhat.com/show_bug.cgi?id=1861646 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •