CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25744 – Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
https://notcve.org/view.php?id=CVE-2023-25744
Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://access.redhat.com/security/cve/CVE-2023-25744 https://bugzilla.redhat.com/show_bug.cgi?id=2170391 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25729 – Mozilla: Extensions could have opened external schemes without user knowledge
https://notcve.org/view.php?id=CVE-2023-25729
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. • https://bugzilla.mozilla.org/show_bug.cgi?id=1792138 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 https://access.redhat.com/security/cve/CVE-2023-25729 https://bugzilla.redhat.com/show_bug.cgi?id=2170382 • CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25735 – Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
https://notcve.org/view.php?id=CVE-2023-25735
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1810711 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 https://access.redhat.com/security/cve/CVE-2023-25735 https://bugzilla.redhat.com/show_bug.cgi?id=2170378 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0767 – nss: Arbitrary memory write via PKCS 12
https://notcve.org/view.php?id=CVE-2023-0767
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. • https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html https://bugzilla.mozilla.org/show_bug.cgi?id=1804640 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 https://access.redhat.com/security/cve/CVE-2023-0767 https://bugzilla.redhat.com/show_bug.cgi?id=2170377 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25739 – Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
https://notcve.org/view.php?id=CVE-2023-25739
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811939 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 https://access.redhat.com/security/cve/CVE-2023-25739 https://bugzilla.redhat.com/show_bug.cgi?id=2170381 • CWE-416: Use After Free •