CVE-2024-0746 – Mozilla: Crash when listing printers on Linux
https://notcve.org/view.php?id=CVE-2024-0746
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Un usuario de Linux que hubiera abierto el cuadro de diálogo de vista previa de impresión podría haber provocado que el navegador fallara. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A Linux user opening the print preview dialog could have caused the browser to crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1660223 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0746 https://bugzilla.redhat.com/show_bug.cgi?id=2259928 • CWE-20: Improper Input Validation •
CVE-2024-0742 – Mozilla: Failure to update user input timestamp
https://notcve.org/view.php?id=CVE-2024-0742
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador sin querer debido a una marca de tiempo incorrecta utilizada para evitar la entrada después de cargar la página. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. • https://bugzilla.mozilla.org/show_bug.cgi?id=1867152 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0742 https://bugzilla.redhat.com/show_bug.cgi?id=2259927 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2024-0741 – Mozilla: Out of bounds write in ANGLE
https://notcve.org/view.php?id=CVE-2024-0741
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Una escritura fuera de los límites en ANGLE podría haber permitido que un atacante corrompiera la memoria y provocara un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. • https://github.com/HyHy100/Firefox-ANGLE-CVE-2024-0741 https://bugzilla.mozilla.org/show_bug.cgi?id=1864587 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0741 https://bugzilla.redhat& • CWE-787: Out-of-bounds Write •
CVE-2023-50447 – pillow: Arbitrary Code Execution via the environment parameter
https://notcve.org/view.php?id=CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). Pillow hasta la versión 10.1.0 permite la ejecución de código arbitrario PIL.ImageMath.eval a través del parámetro de entorno, una vulnerabilidad diferente a CVE-2022-22817 (que se refería al parámetro de expresión). A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter. • http://www.openwall.com/lists/oss-security/2024/01/20/1 https://devhub.checkmarx.com/cve-details/CVE-2023-50447 https://duartecsantos.github.io/2024-01-02-CVE-2023-50447 https://github.com/python-pillow/Pillow/releases https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html https://access.redhat.com/security/cve/CVE-2023-50447 https://bugzilla.redhat.com/show_bug.cgi?id=2259479 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2023-6816 – Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
https://notcve.org/view.php?id=CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used. Se encontró un fallo en el servidor X.Org. Tanto DeviceFocusEvent como la respuesta de XIQueryPointer contienen un bit para cada botón lógico actualmente presionado. • http://www.openwall.com/lists/oss-security/2024/01/18/1 https://access.redhat.com/errata/RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:0557 https://access.redhat.com/errata/RHSA-2024:0558 https://access.redhat.com/errata/RHSA-2024:0597 https://access.redhat.com/errata/RHSA-2024:0607 https://access.redhat.com/errata/RHSA-2024:0614 https://access.redhat.com/errata/RHSA-2024:0617 https://access.redhat.com/errata/RHSA-2024:0621 https://access.redhat.com& • CWE-787: Out-of-bounds Write •