CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38498 – Mozilla: Use-after-free of nsLanguageAtomService object
https://notcve.org/view.php?id=CVE-2021-38498
11 Oct 2021 — During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Durante el cierre del proceso, un documento podría haber causado un uso de memoria previamente liberada de un objeto de servicio de idiomas, conllevando a una corrupción de memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox v... • https://bugzilla.mozilla.org/show_bug.cgi?id=1729642 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-38492 – Gentoo Linux Security Advisory 202208-14
https://notcve.org/view.php?id=CVE-2021-38492
11 Oct 2021 — When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. Cuando se delegaba la navegación al sistema operativo, Firefox aceptaba el esquema "mk" que podía perm... • https://bugzilla.mozilla.org/show_bug.cgi?id=1721107 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38495 – Gentoo Linux Security Advisory 202208-14
https://notcve.org/view.php?id=CVE-2021-38495
11 Oct 2021 — Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Thunderbird versión 78.13.0. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con s... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38493 – Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://notcve.org/view.php?id=CVE-2021-38493
13 Sep 2021 — Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox versión 91 y Firefox ESR versión 78.13. Algunos de estos bugs mostraban evidenci... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40529 – Gentoo Linux Security Advisory 202208-14
https://notcve.org/view.php?id=CVE-2021-40529
06 Sep 2021 — The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. Una implementación de ElGamal en Botan versiones hasta 2.18.1, tal y como se usa en Thunderbird ... • https://eprint.iacr.org/2021/923 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29981 – Ubuntu Security Notice USN-5248-1
https://notcve.org/view.php?id=CVE-2021-29981
17 Aug 2021 — An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. Un problema presente en la asignación de bajada y registro podría haber conllevado a fallos de confusión de registro oscuros pero deterministas en el código JITted que conllevaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox version... • https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29982 – openSUSE Security Advisory - openSUSE-SU-2021:1367-1
https://notcve.org/view.php?id=CVE-2021-29982
17 Aug 2021 — Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Debido a una optimización JIT incorrecta, interpretamos incorrectamente los datos de un tipo de objeto erróneo, resultando en la posible filtración de un solo bit de memoria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91. An update that... • https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29987 – Ubuntu Security Notice USN-5248-1
https://notcve.org/view.php?id=CVE-2021-29987
17 Aug 2021 — After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. Después de solicitar múltiples permisos, y cerrar el primer panel de permisos, los... • https://bugzilla.mozilla.org/show_bug.cgi?id=1716129 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-29984 – Mozilla: Incorrect instruction reordering during JIT optimization
https://notcve.org/view.php?id=CVE-2021-29984
16 Aug 2021 — Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una reordenación de instrucciones resultaba en una secuencia de instrucciones que causaría que un objeto fuera considerado incorrectamente durante la recogida de basura. Esto conllevaba a una cor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29986 – Mozilla: Race condition when resolving DNS names could have led to memory corruption
https://notcve.org/view.php?id=CVE-2021-29986
16 Aug 2021 — A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una supuesta condición de carrera cuando se llama a getaddrinfo que conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: Este problema sólo afectaba a los sist... • https://bugzilla.mozilla.org/show_bug.cgi?id=1696138 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •