
CVE-2022-34469 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34469
10 Aug 2022 — When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1721220 • CWE-295: Improper Certificate Validation •

CVE-2022-29918 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-29918
10 Aug 2022 — Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1744043%2C1747178%2C1753535%2C1754017%2C1755847%2C1756172%2C1757477%2C1758223%2C1760160%2C1761481%2C1761771 • CWE-787: Out-of-bounds Write •

CVE-2022-34477 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34477
10 Aug 2022 — The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however, for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731614 • CWE-203: Observable Discrepancy •

CVE-2022-26385 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-26385
10 Aug 2022 — In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98. • https://bugzilla.mozilla.org/show_bug.cgi?id=1747526 • CWE-416: Use After Free •

CVE-2022-34473 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34473
10 Aug 2022 — The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102. Multiple vulnerabilities have been found in Moz... • https://bugzilla.mozilla.org/show_bug.cgi?id=1770888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-31748 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-31748
10 Aug 2022 — Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1713773%2C1762201%2C1762469%2C1762770%2C1764878%2C1765226%2C1765782%2C1765973%2C1767177%2C1767181%2C1768232%2C1768251%2C1769869 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2022-34471 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34471
10 Aug 2022 — When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1766047 • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2022-34474 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34474
10 Aug 2022 — Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2022-2505 – Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
https://notcve.org/view.php?id=CVE-2022-2505
29 Jul 2022 — Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1769739%2C1772824 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write •

CVE-2022-36319 – Mozilla: Mouse Position spoofing with CSS transforms
https://notcve.org/view.php?id=CVE-2022-36319
28 Jul 2022 — When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1737722 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •