CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6864 – Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
https://notcve.org/view.php?id=CVE-2023-6864
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Errores de seguridad de la memoria presentes en Firefox 120, Firefox ESR 115.5 y Thunderbird 115.5. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736385%2C1810805%2C1846328%2C1856090%2C1858033%2C1858509%2C1862089%2C1862777%2C1864015 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6863 – Mozilla: Undefined behavior in <code>ShutdownObserver()</code>
https://notcve.org/view.php?id=CVE-2023-6863
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El `ShutdownObserver()` era susceptible a un comportamiento potencialmente indefinido debido a su dependencia de un tipo dinámico que carecía de un destructor virtual. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121. The Mozilla Foundation Security Advisory describes this flaw as: The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. • https://bugzilla.mozilla.org/show_bug.cgi?id=1868901 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mfsa2023-56 https://access.redhat.com/security/cve/CVE-2023-6863 https://bugzilla.redhat.com/show_bug.cgi?id=2255369 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6862 – Mozilla: Use-after-free in <code>nsDNSService</code>
https://notcve.org/view.php?id=CVE-2023-6862
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. Se identificó un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. • https://bugzilla.mozilla.org/show_bug.cgi?id=1868042 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://access.redhat.com/security/cve/CVE- • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6861 – Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode
https://notcve.org/view.php?id=CVE-2023-6861
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El método `nsWindow::PickerOpen(void)` era susceptible a un desbordamiento de búfer de almacenamiento dinámico cuando se ejecutaba en modo headless. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121. The Mozilla Foundation Security Advisory describes this flaw as: The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. • https://bugzilla.mozilla.org/show_bug.cgi?id=1864118 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6860 – Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
https://notcve.org/view.php?id=CVE-2023-6860
The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El "VideoBridge" permitía que cualquier proceso de contenido utilizara texturas producidas por decodificadores remotos. Se podría abusar de esto para escapar de la sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1854669 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mf • CWE-20: Improper Input Validation •