CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31748 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-31748
10 Aug 2022 — Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. Los desarrolladores de Mozilla Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard y el equipo Mozilla Fuzzing informaron errores de segurida... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1713773%2C1762201%2C1762469%2C1762770%2C1764878%2C1765226%2C1765782%2C1765973%2C1767177%2C1767181%2C1768232%2C1768251%2C1769869 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34474 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34474
10 Aug 2022 — Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Incluso cuando un iframe estaba protegido con allow-top-navigation-by-user-activation, si recibía un encabezado de redireccionamiento a un protocolo externo, el navegador procesaría el redireccionamiento y avisaría al usuario según ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34473 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34473
10 Aug 2022 — The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102. El HTML Sanitizer debería haber sanitizado el atributo href de las etiquetas SVG ; sin embargo, no sanitizó incorrectamente los atributos xlink:href. Esta vulnerabilidad afecta a Firefox < 102. Multiple vulnerabilities have been found in Moz... • https://bugzilla.mozilla.org/show_bug.cgi?id=1770888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2505 – Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
https://notcve.org/view.php?id=CVE-2022-2505
29 Jul 2022 — Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Los desarrolladores de Mozilla y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 102. Algunos de estos errores mostraron ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1769739%2C1772824 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36318 – Mozilla: Directory indexes for bundled resources reflected URL parameters
https://notcve.org/view.php?id=CVE-2022-36318
28 Jul 2022 — When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. Al visitar listados de directorios para URL `chrome://` como texto fuente, se reflejaron algunos parámetros. Esta vulnerabilidad afecta a Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird< 102.1 y Thunderbird < 91.12. A flaw was found in Mozilla.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1771774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36319 – Mozilla: Mouse Position spoofing with CSS transforms
https://notcve.org/view.php?id=CVE-2022-36319
28 Jul 2022 — When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. Al combinar propiedades CSS para desbordamiento y transformación, el cursor del mouse podría interactuar con coordenadas diferentes a las mostradas. Esta vulnerabilidad afecta a Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thund... • https://bugzilla.mozilla.org/show_bug.cgi?id=1737722 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34480 – Ubuntu Security Notice USN-5872-1
https://notcve.org/view.php?id=CVE-2022-34480
11 Jul 2022 — Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102. Dentro de la función lg_init(), si varias asignaciones tienen éxito pero luego una falla, se habría liberado un puntero no inicializado a pesar de que nunca se asignó. Esta vulnerabilidad afecta a Firefox < 102. Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1454072 • CWE-824: Access of Uninitialized Pointer •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34472 – Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
https://notcve.org/view.php?id=CVE-2022-34472
28 Jun 2022 — If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Si hubiera una URL de PAC configurada y no se pudiera acceder al servidor que aloja el PAC, las solicitudes de OCSP se habrían bloqueado, lo que provocaría que se mostraran páginas de error incorrectas. Esta vulnerabilidad afecta a Firefo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1770123 • CWE-393: Return of Wrong Status Code CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 8%CPEs: 3EXPL: 0CVE-2022-2200 – Mozilla: Undesired attributes could be set as part of prototype pollution
https://notcve.org/view.php?id=CVE-2022-2200
28 Jun 2022 — If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Si un atacante corrompiera el prototipo de un objeto, habría podido establecer atributos no deseados en un objeto JavaScript, lo que habría llevado a la ejecución de código privilegiado. Esta vulnerabilidad afecta a Firefox < 102, Fi... • https://bugzilla.mozilla.org/show_bug.cgi?id=1771381 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34470 – Mozilla: Use-after-free in nsSHistory
https://notcve.org/view.php?id=CVE-2022-34470
28 Jun 2022 — Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Las navegaciones del historial de sesiones pueden haber provocado un bloqueo de use-after-free y potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102 y Thunderbird < 91.11. The Mozilla Foundation Security Advisory describes this flaw as: Se... • https://bugzilla.mozilla.org/show_bug.cgi?id=1765951 • CWE-416: Use After Free •