Page 23 of 543 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-37207 – Mozilla: Fullscreen notification obscured

https://notcve.org/view.php?id=CVE-2023-37207

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1816287 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-24 https://access.redhat.com/security • CWE-290: Authentication Bypass by Spoofing CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-37202 – Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey

https://notcve.org/view.php?id=CVE-2023-37202

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. • https://bugzilla.mozilla.org/show_bug.cgi?id=1834711 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-24 https://access.redhat.com/security • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-37201 – Mozilla: Use-after-free in WebRTC certificate generation

https://notcve.org/view.php?id=CVE-2023-37201

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826002 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-24 https://access.redhat.com/security • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-29546

https://notcve.org/view.php?id=CVE-2023-29546

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780842 https://www.mozilla.org/security/advisories/mfsa2023-13 •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-29534

https://notcve.org/view.php?id=CVE-2023-29534

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1816007 https://bugzilla.mozilla.org/show_bug.cgi?id=1816059 https://bugzilla.mozilla.org/show_bug.cgi?id=1821155 https://bugzilla.mozilla.org/show_bug.cgi?id=1821576 https://bugzilla.mozilla.org/show_bug.cgi? •