CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38496 – Mozilla: Use-after-free in MessageTask
https://notcve.org/view.php?id=CVE-2021-38496
11 Oct 2021 — During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. Durante las operaciones en MessageTasks, una tarea puede haber sido eliminada mientras todavía estaba programada, resultando en una corrupción de memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1725335 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38497 – Mozilla: Validation message could have been overlaid on another origin
https://notcve.org/view.php?id=CVE-2021-38497
11 Oct 2021 — Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Mediante el uso de las funciones reportValidity() y window.open(), un mensaje de comprobación de texto plano podría haberse superpuesto a otro origen, conllevando una posible confusión del usuario y ataques de suplantación. Esta vulnerabilidad... • https://bugzilla.mozilla.org/show_bug.cgi?id=1726621 • CWE-346: Origin Validation Error CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38501 – Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
https://notcve.org/view.php?id=CVE-2021-38501
11 Oct 2021 — Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 92 y Firefox ESR 91.1. Algunos de estos bugs mostraban evidencias de corrupción de ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685354%2C1715755%2C1723176 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38493 – Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://notcve.org/view.php?id=CVE-2021-38493
13 Sep 2021 — Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox versión 91 y Firefox ESR versión 78.13. Algunos de estos bugs mostraban evidenci... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40529 – Gentoo Linux Security Advisory 202208-14
https://notcve.org/view.php?id=CVE-2021-40529
06 Sep 2021 — The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. Una implementación de ElGamal en Botan versiones hasta 2.18.1, tal y como se usa en Thunderbird ... • https://eprint.iacr.org/2021/923 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29981 – Ubuntu Security Notice USN-5248-1
https://notcve.org/view.php?id=CVE-2021-29981
17 Aug 2021 — An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. Un problema presente en la asignación de bajada y registro podría haber conllevado a fallos de confusión de registro oscuros pero deterministas en el código JITted que conllevaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox version... • https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29982
https://notcve.org/view.php?id=CVE-2021-29982
17 Aug 2021 — Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Debido a una optimización JIT incorrecta, interpretamos incorrectamente los datos de un tipo de objeto erróneo, resultando en la posible filtración de un solo bit de memoria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91. • https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29987 – Ubuntu Security Notice USN-5248-1
https://notcve.org/view.php?id=CVE-2021-29987
17 Aug 2021 — After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. Después de solicitar múltiples permisos, y cerrar el primer panel de permisos, los... • https://bugzilla.mozilla.org/show_bug.cgi?id=1716129 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29988 – Mozilla: Memory corruption as a result of incorrect style treatment
https://notcve.org/view.php?id=CVE-2021-29988
16 Aug 2021 — Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Firefox trataba incorrectamente un elemento de lista en línea como un elemento de bloqueo, resultando en una lectura fuera de límites o una corrupción de la memoria, y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1717922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 3%CPEs: 4EXPL: 1CVE-2021-29986 – Mozilla: Race condition when resolving DNS names could have led to memory corruption
https://notcve.org/view.php?id=CVE-2021-29986
16 Aug 2021 — A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una supuesta condición de carrera cuando se llama a getaddrinfo que conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: Este problema sólo afectaba a los sist... • https://bugzilla.mozilla.org/show_bug.cgi?id=1696138 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •