Page 20 of 1077 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. • https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29548 https://bugzilla.redhat.com/show_bug.cgi?id=2186110 • CWE-682: Incorrect Calculation •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1798219 https://bugzilla.mozilla.org/show_bug.cgi?id=1814597 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29533 https://bugzilla.redhat.com/show_bug.cgi?id=2186101 • CWE-425: Direct Request ('Forced Browsing') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. • https://bugzilla.mozilla.org/show_bug.cgi?id=1814899 https://www.mozilla.org/security/advisories/mfsa2023-09 https://www.mozilla.org/security/advisories/mfsa2023-10 https://www.mozilla.org/security/advisories/mfsa2023-11 https://access.redhat.com/security/cve/CVE-2023-25751 https://bugzilla.redhat.com/show_bug.cgi?id=2178458 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when accessing throttled streams, the count of available bytes needs to be checked in the calling function to be within bounds. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 https://www.mozilla.org/security/advisories/mfsa2023-09 https://www.mozilla.org/security/advisories/mfsa2023-10 https://www.mozilla.org/security/advisories/mfsa2023-11 https://access.redhat.com/security/cve/CVE-2023-25752 https://bugzilla.redhat.com/show_bug.cgi?id=2178460 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811327 https://www.mozilla.org/security/advisories/mfsa2023-09 https://www.mozilla.org/security/advisories/mfsa2023-10 https://www.mozilla.org/security/advisories/mfsa2023-11 https://access.redhat.com/security/cve/CVE-2023-28162 https://bugzilla.redhat.com/show_bug.cgi?id=2178466 • CWE-704: Incorrect Type Conversion or Cast •