CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43543 – Mozilla: Bypass of CSP sandbox directive when embedding
https://notcve.org/view.php?id=CVE-2021-43543
08 Dec 2021 — Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Los documentos cargados con la directiva CSP sandbox podrían escapar de la restricción de scripts del sandbox al insertar contenido adicional. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1738418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43536 – Mozilla: URL leakage when navigating while executing asynchronous function
https://notcve.org/view.php?id=CVE-2021-43536
08 Dec 2021 — Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. En determinadas circunstancias, las funciones asíncronas podrían haber causado el fallo de una navegación pero exponiendo la URL de destino. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 The Mozilla Fo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1730120 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43546 – Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed
https://notcve.org/view.php?id=CVE-2021-43546
08 Dec 2021 — It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Se han podido recrear ataques anteriores de suplantación del cursor contra usuarios con un cursor nativo ampliado. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 Multiple security issues were discovered in Firefox. I... • https://bugzilla.mozilla.org/show_bug.cgi?id=1737751 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43537 – Mozilla: Heap buffer overflow when using structured clone
https://notcve.org/view.php?id=CVE-2021-43537
08 Dec 2021 — An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Una conversión de tipo incorrecta de los tamaños de enteros de 64 bits a 32 bits permitía a un atacante corromper la memoria, conllevando a un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones an... • https://bugzilla.mozilla.org/show_bug.cgi?id=1738237 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2021-43542 – Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
https://notcve.org/view.php?id=CVE-2021-43542
08 Dec 2021 — Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Usando XMLHttpRequest, un atacante podría haber identificado aplicaciones instaladas sondeando los mensajes de error para cargar protocolos externos. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones an... • https://bugzilla.mozilla.org/show_bug.cgi?id=1723281 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43541 – Mozilla: External protocol handler parameters were unescaped
https://notcve.org/view.php?id=CVE-2021-43541
08 Dec 2021 — When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Cuando son invocados manejadores de protocolo para protocolos externos, una URL de parámetro suministrada que contenía espacios no se escapaba correctamente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteri... • https://bugzilla.mozilla.org/show_bug.cgi?id=1696685 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2021-43545 – Mozilla: Denial of Service when using the Location API in a loop
https://notcve.org/view.php?id=CVE-2021-43545
08 Dec 2021 — Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. El uso de la API de localización en un bucle podría haber causado graves cuelgues y bloqueos de la aplicación. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 USN-5186-1 fixed vulnerabilities in Firefox. The update introduced severa... • https://bugzilla.mozilla.org/show_bug.cgi?id=1720926 • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43539 – Mozilla: GC rooting failure when calling wasm instance methods
https://notcve.org/view.php?id=CVE-2021-43539
08 Dec 2021 — Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Un fallo en el registro correcto de la ubicación de los punteros vivos a través de las llamadas a instancias de wasm daba lugar a que una GC que ocurría dentro de la llamada no rast... • https://bugzilla.mozilla.org/show_bug.cgi?id=1739683 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29991 – Ubuntu Security Notice USN-5248-1
https://notcve.org/view.php?id=CVE-2021-29991
03 Nov 2021 — Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. Firefox aceptaba incorrectamente una nueva línea en un encabezado HTTP/3, interpretándola como dos encabezados separados. Esto permitía un ataque de división de encabezados contra servidores que usaban HTTP/3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1724896 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-38492 – Gentoo Linux Security Advisory 202208-14
https://notcve.org/view.php?id=CVE-2021-38492
03 Nov 2021 — When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. Cuando se delegaba la navegación al sistema operativo, Firefox aceptaba el esquema "mk" que podía perm... • https://bugzilla.mozilla.org/show_bug.cgi?id=1721107 •