CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22756 – Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable
https://notcve.org/view.php?id=CVE-2022-22756
14 Feb 2022 — If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si se convenciera a un usuario de arrastrar y soltar una imagen en su escritorio u otra carpeta, el objeto resultante podría haberse convertido en un script ejecutable que habría ejecutado código arbitrario... • https://bugzilla.mozilla.org/show_bug.cgi?id=1317873 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22763 – Mozilla: Script Execution during invalid object state
https://notcve.org/view.php?id=CVE-2022-22763
14 Feb 2022 — When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. Cuando se apaga un trabajador, era posible hacer que el script se ejecutara tarde en el ciclo de vida, en un punto posterior al que no debería ser posible. Esta vulnerabilidad afecta a Firefox < 96, Thunderbird< 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory... • https://bugzilla.mozilla.org/show_bug.cgi?id=1740534 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43529 – thunderbird: Memory corruption when processing S/MIME messages
https://notcve.org/view.php?id=CVE-2021-43529
28 Jan 2022 — Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable co... • https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-43529 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4126 – Debian Security Advisory 5034-1
https://notcve.org/view.php?id=CVE-2021-4126
21 Jan 2022 — When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. This vulnerab... • https://bugzilla.mozilla.org/show_bug.cgi?id=1732310 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22741 – Mozilla: Browser window spoof using fullscreen mode
https://notcve.org/view.php?id=CVE-2022-22741
13 Jan 2022 — When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al cambiar el tamaño de una ventana emergente mientras se solicita acceso a pantalla completa, la ventana emergente no podría salir del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1740389 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22742 – Mozilla: Out-of-bounds memory access when inserting text in edit mode
https://notcve.org/view.php?id=CVE-2022-22742
13 Jan 2022 — When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al insertar texto en el modo de edición, es posible que algunos caracteres hayan provocado un acceso a la memoria fuera de los límites, lo que provocó un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A... • https://bugzilla.mozilla.org/show_bug.cgi?id=1739923 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22743 – Mozilla: Browser window spoof using fullscreen mode
https://notcve.org/view.php?id=CVE-2022-22743
13 Jan 2022 — When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al navegar desde dentro de un iframe mientras se solicita acceso a pantalla completa, una pestaña controlada por un atacante podría haber impedido que el navegador saliera del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox &l... • https://bugzilla.mozilla.org/show_bug.cgi?id=1739220 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22745 – Mozilla: Leaking cross-origin URLs through securitypolicyviolation event
https://notcve.org/view.php?id=CVE-2022-22745
13 Jan 2022 — Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los eventos de violación de la política de seguridad podrían haber filtrado información de origen cruzado sobre violaciones de los ancestros del frame. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735856 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22747 – Mozilla: Crash when handling empty pkcs7 sequence
https://notcve.org/view.php?id=CVE-2022-22747
13 Jan 2022 — After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Después de aceptar un certificado que no es de confianza, manejar una secuencia pkcs7 vacía como parte de los datos del certificado podría haber provocado un bloqueo. Se cree que este accidente no es explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22751 – Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
https://notcve.org/view.php?id=CVE-2022-22751
13 Jan 2022 — Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los desarrolladores de Mozilla, Calixte Denizet, Ker... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •