CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45421 – Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
https://notcve.org/view.php?id=CVE-2022-45421
16 Nov 2022 — Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs pre... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1767920%2C1789808%2C1794061 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45410 – Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy
https://notcve.org/view.php?id=CVE-2022-45410
16 Nov 2022 — When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Cuando un ServiceWorker interceptó una solicitud con FetchEvent, el origen de la solicitud se perdió después de que ServiceWorker tomó posesión... • https://bugzilla.mozilla.org/show_bug.cgi?id=1658869 • CWE-862: Missing Authorization CWE-1275: Sensitive Cookie with Improper SameSite Attribute •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45415 – Gentoo Linux Security Advisory 202211-06
https://notcve.org/view.php?id=CVE-2022-45415
16 Nov 2022 — When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar,... • https://bugzilla.mozilla.org/show_bug.cgi?id=1793551 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3266 – Mozilla: Out of bounds read when decoding H264
https://notcve.org/view.php?id=CVE-2022-3266
12 Nov 2022 — An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Puede ocurrir una lectura fuera de los límites al decodificar video H264. Esto da como resultado un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767360 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42930 – Gentoo Linux Security Advisory 202210-34
https://notcve.org/view.php?id=CVE-2022-42930
01 Nov 2022 — If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. Si dos trabajadores inicializaran simultáneamente su CacheStorage, podría haberse producido una "carrera" de datos en el componente 'ThirdPartyUtil'. Esta vulnerabilidad afecta a Firefox < 106. Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789503 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42931 – Ubuntu Security Notice USN-5709-1
https://notcve.org/view.php?id=CVE-2022-42931
01 Nov 2022 — Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. Los inicios de sesión guardados por Firefox deben ser administrados por el componente Administrador de contraseñas, que utiliza cifrado para guardar archivos en el disco. En cambio, el Administrador de formularios guardó el nombre de usuario (no la c... • https://bugzilla.mozilla.org/show_bug.cgi?id=1780571 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42927 – Mozilla: Same-origin policy violation could have leaked cross-origin URLs
https://notcve.org/view.php?id=CVE-2022-42927
20 Oct 2022 — A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Una infracción de la política del mismo origen podría haber permitido el robo de entradas de URL de origen cruzado, filtrando el resultado de una redirección, a través de 'performance.getEntries()'. Esta vulnerabilidad afecta a Firefox < 106, Firefox ESR < 102.4 ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1789128 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42928 – Mozilla: Memory Corruption in JS Engine
https://notcve.org/view.php?id=CVE-2022-42928
20 Oct 2022 — Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. A ciertos tipos de asignaciones les faltaban anotaciones que, si el recolector de elementos no utilizados estaba en un estado específico, podrían haber provocado daños en la memoria y un bloqueo potencialmente explotable. Esta vulnerabilida... • https://bugzilla.mozilla.org/show_bug.cgi?id=1791520 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42932 – Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4
https://notcve.org/view.php?id=CVE-2022-42932
20 Oct 2022 — Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Los desarrolladores de Mozilla Ashley Hale y el equipo de Mozilla Fuzzing informaron errores de seguridad de memoria presentes en Fi... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789729%2C1791363%2C1792041 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42929 – Mozilla: Denial of Service via window.print
https://notcve.org/view.php?id=CVE-2022-42929
20 Oct 2022 — If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Si un sitio web se llama 'window.print()' de una manera particular, podría causar una denegación de servicio del navegador, que puede persistir más allá del reinicio del navegador dependiendo de la configuración de restaurac... • https://bugzilla.mozilla.org/show_bug.cgi?id=1789439 • CWE-400: Uncontrolled Resource Consumption •