Page 2 of 8842 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-0751 – Mozilla: Privilege escalation through devtools

https://notcve.org/view.php?id=CVE-2024-0751

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Se podría haber utilizado una extensión devtools maliciosa para escalar privilegios. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1865689 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0751 https://bugzilla.redhat.com/show_bug.cgi?id=2259932 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-0750 – Mozilla: Potential permissions request bypass via clickjacking

https://notcve.org/view.php?id=CVE-2024-0750

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Un error en el cálculo del retraso de las notificaciones emergentes podría haber hecho posible que un atacante engañara a un usuario para que concediera permisos. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863083 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0750 https://bugzilla.redhat.com/show_bug.cgi?id=2259931 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-0749 – Mozilla: Phishing site popup could show local origin in address bar

https://notcve.org/view.php?id=CVE-2024-0749

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. Un sitio de phishing podría haber reutilizado un cuadro de diálogo "acerca de:" para mostrar contenido de phishing con un origen incorrecto en la barra de direcciones. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1813463 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0749 https://bugzilla.redhat.com/show_bug.cgi?id=2259930 • CWE-346: Origin Validation Error CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-0747 – Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

https://notcve.org/view.php?id=CVE-2024-0747

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Cuando una página principal cargaba una secundaria en un iframe con "unsafe-inline", la política de seguridad de contenido principal podría haber anulado la política de seguridad de contenido secundaria. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7. The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1764343 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0747 https://bugzilla.redhat.com/show_bug.cgi?id=2259929 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-0746 – Mozilla: Crash when listing printers on Linux

https://notcve.org/view.php?id=CVE-2024-0746

A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Un usuario de Linux que hubiera abierto el cuadro de diálogo de vista previa de impresión podría haber provocado que el navegador fallara. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A Linux user opening the print preview dialog could have caused the browser to crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1660223 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0746 https://bugzilla.redhat.com/show_bug.cgi?id=2259928 • CWE-20: Improper Input Validation •