CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2021-38508 – Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
https://notcve.org/view.php?id=CVE-2021-38508
03 Nov 2021 — By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Al mostrar un mensaje de comprobación del formulario en la ubicación correcta al mismo tiempo que una solicitud de permiso (como para la geolocalización), el mensaje d... • https://bugzilla.mozilla.org/show_bug.cgi?id=1366818 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-38504 – Mozilla: Use-after-free in file picker dialog
https://notcve.org/view.php?id=CVE-2021-38504
03 Nov 2021 — When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Cuando se interactúa con el diálogo del selector de archivos de un elemento de entrada HTML con webkitdirectory configurado, podría haberse producido un uso de memoria previamente liberada, conllevando a una corrupción de memoria y ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1730156 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-38503 – Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
https://notcve.org/view.php?id=CVE-2021-38503
03 Nov 2021 — The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Las reglas del sandbox de iframe no se aplicaban correctamente a las hojas de estilo XSLT, permitiendo a un iframe omitir restricciones como la ejecución de scripts o la navegación por el marco de nivel superior. Esta vulnerabilidad afecta a Firefox v... • https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 2%CPEs: 6EXPL: 0CVE-2021-38509 – Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain
https://notcve.org/view.php?id=CVE-2021-38509
03 Nov 2021 — Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Debido a una secuencia inusual de eventos controlados por el atacante, un diálogo Javascript alert() con contenido arbitrario (aunque sin estilo) podría mostrarse encima de una página web no controlada de la elección ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1718571 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38500 – Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
https://notcve.org/view.php?id=CVE-2021-38500
11 Oct 2021 — Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 92 y Firefox ESR 91.1. Algunos de estos b... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1725854%2C1728321 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38498 – Mozilla: Use-after-free of nsLanguageAtomService object
https://notcve.org/view.php?id=CVE-2021-38498
11 Oct 2021 — During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Durante el cierre del proceso, un documento podría haber causado un uso de memoria previamente liberada de un objeto de servicio de idiomas, conllevando a una corrupción de memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox v... • https://bugzilla.mozilla.org/show_bug.cgi?id=1729642 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38496 – Mozilla: Use-after-free in MessageTask
https://notcve.org/view.php?id=CVE-2021-38496
11 Oct 2021 — During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. Durante las operaciones en MessageTasks, una tarea puede haber sido eliminada mientras todavía estaba programada, resultando en una corrupción de memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1725335 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38497 – Mozilla: Validation message could have been overlaid on another origin
https://notcve.org/view.php?id=CVE-2021-38497
11 Oct 2021 — Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Mediante el uso de las funciones reportValidity() y window.open(), un mensaje de comprobación de texto plano podría haberse superpuesto a otro origen, conllevando una posible confusión del usuario y ataques de suplantación. Esta vulnerabilidad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1726621 • CWE-346: Origin Validation Error CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38501 – Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
https://notcve.org/view.php?id=CVE-2021-38501
11 Oct 2021 — Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 92 y Firefox ESR 91.1. Algunos de estos bugs mostraban evidencias de corrupción de ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685354%2C1715755%2C1723176 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38493 – Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://notcve.org/view.php?id=CVE-2021-38493
13 Sep 2021 — Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox versión 91 y Firefox ESR versión 78.13. Algunos de estos bugs mostraban evidenci... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •