CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45416 – Mozilla: Keystroke Side-Channel Leakage
https://notcve.org/view.php?id=CVE-2022-45416
16 Nov 2022 — Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Los eventos de teclado hacen referencia a cadenas como "KeyA" que estaban en direcciones fijas, conocidas y ampliamente distribuidas. Los ataques de sincronización basados en caché, como Prime+Probe, posiblemente... • https://bugzilla.mozilla.org/show_bug.cgi?id=1793676 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45419 – Gentoo Linux Security Advisory 202211-06
https://notcve.org/view.php?id=CVE-2022-45419
16 Nov 2022 — If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107. Si el usuario agregó una excepción de seguridad para un certificado TLS no válido, abrió una conexión TLS en curso con un servidor que usaba ese certificado y luego eliminó la excepción, Fire... • https://bugzilla.mozilla.org/show_bug.cgi?id=1716082 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45407 – Gentoo Linux Security Advisory 202211-06
https://notcve.org/view.php?id=CVE-2022-45407
16 Nov 2022 — If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107. Si un atacante cargó una fuente usando <code>FontFace()</code> en un trabajador en segundo plano, podría haberse producido un use after free, lo que habría provocado un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 107. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1793314 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45406 – Mozilla: Use-after-free of a JavaScript Realm
https://notcve.org/view.php?id=CVE-2022-45406
16 Nov 2022 — If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. The Mozilla Foundation Security Advisory describes this flaw as: If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references t... • https://bugzilla.mozilla.org/show_bug.cgi?id=1791975 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45415 – Gentoo Linux Security Advisory 202211-06
https://notcve.org/view.php?id=CVE-2022-45415
16 Nov 2022 — When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar,... • https://bugzilla.mozilla.org/show_bug.cgi?id=1793551 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-45413 – Gentoo Linux Security Advisory 202211-06
https://notcve.org/view.php?id=CVE-2022-45413
16 Nov 2022 — Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791201 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3266 – Mozilla: Out of bounds read when decoding H264
https://notcve.org/view.php?id=CVE-2022-3266
12 Nov 2022 — An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Puede ocurrir una lectura fuera de los límites al decodificar video H264. Esto da como resultado un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767360 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42930 – Gentoo Linux Security Advisory 202210-34
https://notcve.org/view.php?id=CVE-2022-42930
01 Nov 2022 — If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. Si dos trabajadores inicializaran simultáneamente su CacheStorage, podría haberse producido una "carrera" de datos en el componente 'ThirdPartyUtil'. Esta vulnerabilidad afecta a Firefox < 106. Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789503 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42931 – Ubuntu Security Notice USN-5709-1
https://notcve.org/view.php?id=CVE-2022-42931
01 Nov 2022 — Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. Los inicios de sesión guardados por Firefox deben ser administrados por el componente Administrador de contraseñas, que utiliza cifrado para guardar archivos en el disco. En cambio, el Administrador de formularios guardó el nombre de usuario (no la c... • https://bugzilla.mozilla.org/show_bug.cgi?id=1780571 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42932 – Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4
https://notcve.org/view.php?id=CVE-2022-42932
20 Oct 2022 — Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Los desarrolladores de Mozilla Ashley Hale y el equipo de Mozilla Fuzzing informaron errores de seguridad de memoria presentes en Fi... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789729%2C1791363%2C1792041 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •