CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43539 – Mozilla: GC rooting failure when calling wasm instance methods
https://notcve.org/view.php?id=CVE-2021-43539
08 Dec 2021 — Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Un fallo en el registro correcto de la ubicación de los punteros vivos a través de las llamadas a instancias de wasm daba lugar a que una GC que ocurría dentro de la llamada no rast... • https://bugzilla.mozilla.org/show_bug.cgi?id=1739683 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43541 – Mozilla: External protocol handler parameters were unescaped
https://notcve.org/view.php?id=CVE-2021-43541
08 Dec 2021 — When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Cuando son invocados manejadores de protocolo para protocolos externos, una URL de parámetro suministrada que contenía espacios no se escapaba correctamente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteri... • https://bugzilla.mozilla.org/show_bug.cgi?id=1696685 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43542 – Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
https://notcve.org/view.php?id=CVE-2021-43542
08 Dec 2021 — Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Usando XMLHttpRequest, un atacante podría haber identificado aplicaciones instaladas sondeando los mensajes de error para cargar protocolos externos. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones an... • https://bugzilla.mozilla.org/show_bug.cgi?id=1723281 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43543 – Mozilla: Bypass of CSP sandbox directive when embedding
https://notcve.org/view.php?id=CVE-2021-43543
08 Dec 2021 — Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Los documentos cargados con la directiva CSP sandbox podrían escapar de la restricción de scripts del sandbox al insertar contenido adicional. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1738418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43545 – Mozilla: Denial of Service when using the Location API in a loop
https://notcve.org/view.php?id=CVE-2021-43545
08 Dec 2021 — Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. El uso de la API de localización en un bucle podría haber causado graves cuelgues y bloqueos de la aplicación. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 USN-5186-1 fixed vulnerabilities in Firefox. The update introduced severa... • https://bugzilla.mozilla.org/show_bug.cgi?id=1720926 • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43546 – Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed
https://notcve.org/view.php?id=CVE-2021-43546
08 Dec 2021 — It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Se han podido recrear ataques anteriores de suplantación del cursor contra usuarios con un cursor nativo ampliado. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 Multiple security issues were discovered in Firefox. I... • https://bugzilla.mozilla.org/show_bug.cgi?id=1737751 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-38492 – Gentoo Linux Security Advisory 202208-14
https://notcve.org/view.php?id=CVE-2021-38492
03 Nov 2021 — When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. Cuando se delegaba la navegación al sistema operativo, Firefox aceptaba el esquema "mk" que podía perm... • https://bugzilla.mozilla.org/show_bug.cgi?id=1721107 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38495 – Gentoo Linux Security Advisory 202208-14
https://notcve.org/view.php?id=CVE-2021-38495
03 Nov 2021 — Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Thunderbird versión 78.13.0. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con s... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2021-38503 – Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
https://notcve.org/view.php?id=CVE-2021-38503
03 Nov 2021 — The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Las reglas del sandbox de iframe no se aplicaban correctamente a las hojas de estilo XSLT, permitiendo a un iframe omitir restricciones como la ejecución de scripts o la navegación por el marco de nivel superior. Esta vulnerabilidad afecta a Firefox v... • https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-38504 – Mozilla: Use-after-free in file picker dialog
https://notcve.org/view.php?id=CVE-2021-38504
03 Nov 2021 — When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Cuando se interactúa con el diálogo del selector de archivos de un elemento de entrada HTML con webkitdirectory configurado, podría haberse producido un uso de memoria previamente liberada, conllevando a una corrupción de memoria y ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1730156 • CWE-416: Use After Free •