
CVE-2022-34477 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34477
10 Aug 2022 — The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however, for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731614 • CWE-203: Observable Discrepancy

CVE-2022-34483 – Gentoo Linux Security Advisory 202208-08
https://notcve.org/view.php?id=CVE-2022-34483
10 Aug 2022 — An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr... • https://bugzilla.mozilla.org/show_bug.cgi?id=1335845 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2022-2505 – Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
https://notcve.org/view.php?id=CVE-2022-2505
29 Jul 2022 — Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1769739%2C1772824 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write

CVE-2022-36319 – Mozilla: Mouse Position spoofing with CSS transforms
https://notcve.org/view.php?id=CVE-2022-36319
28 Jul 2022 — When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1737722 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2022-36318 – Mozilla: Directory indexes for bundled resources reflected URL parameters
https://notcve.org/view.php?id=CVE-2022-36318
28 Jul 2022 — When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. A flaw was found in Mozilla.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1771774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2022-34480 – Ubuntu Security Notice USN-5872-1
https://notcve.org/view.php?id=CVE-2022-34480
11 Jul 2022 — Within the `lg_init()` function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102. Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1454072 • CWE-824: Access of Uninitialized Pointer

CVE-2022-34484 – Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
https://notcve.org/view.php?id=CVE-2022-34484
28 Jun 2022 — The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-416: Use After Free

CVE-2022-34472 – Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
https://notcve.org/view.php?id=CVE-2022-34472
28 Jun 2022 — If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770123 • CWE-393: Return of Wrong Status Code • CWE-703: Improper Check or Handling of Exceptional Conditions

CVE-2022-34479 – Mozilla: A popup window could be resized in a way to overlay the address bar with web content
https://notcve.org/view.php?id=CVE-2022-34479
28 Jun 2022 — A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1745595 • CWE-451: User Interface (UI) Misrepresentation of Critical Information • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2022-34481 – Mozilla: Potential integer overflow in ReplaceElementsAt
https://notcve.org/view.php?id=CVE-2022-34481
28 Jun 2022 — In the `nsTArray_Impl::ReplaceElementsAt()` function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. • https://bugzilla.mozilla.org/show_bug.cgi?id=1497246 • CWE-190: Integer Overflow or Wraparound