CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0749 – Mozilla: Phishing site popup could show local origin in address bar
https://notcve.org/view.php?id=CVE-2024-0749
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. Un sitio de phishing podría haber reutilizado un cuadro de diálogo "acerca de:" para mostrar contenido de phishing con un origen incorrecto en la barra de direcciones. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1813463 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0749 https://bugzilla.redhat.com/show_bug.cgi?id=2259930 • CWE-346: Origin Validation Error CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0747 – Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
https://notcve.org/view.php?id=CVE-2024-0747
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Cuando una página principal cargaba una secundaria en un iframe con "unsafe-inline", la política de seguridad de contenido principal podría haber anulado la política de seguridad de contenido secundaria. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1764343 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0747 https://bugzilla.redhat.com/show_bug.cgi?id=2259929 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0746 – Mozilla: Crash when listing printers on Linux
https://notcve.org/view.php?id=CVE-2024-0746
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Un usuario de Linux que hubiera abierto el cuadro de diálogo de vista previa de impresión podría haber provocado que el navegador fallara. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A Linux user opening the print preview dialog could have caused the browser to crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1660223 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0746 https://bugzilla.redhat.com/show_bug.cgi?id=2259928 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0742 – Mozilla: Failure to update user input timestamp
https://notcve.org/view.php?id=CVE-2024-0742
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador sin querer debido a una marca de tiempo incorrecta utilizada para evitar la entrada después de cargar la página. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. • https://bugzilla.mozilla.org/show_bug.cgi?id=1867152 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0742 https://bugzilla.redhat.com/show_bug.cgi?id=2259927 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-0741 – Mozilla: Out of bounds write in ANGLE
https://notcve.org/view.php?id=CVE-2024-0741
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Una escritura fuera de los límites en ANGLE podría haber permitido que un atacante corrompiera la memoria y provocara un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. • https://github.com/HyHy100/Firefox-ANGLE-CVE-2024-0741 https://bugzilla.mozilla.org/show_bug.cgi?id=1864587 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0741 https://bugzilla.redhat& • CWE-787: Out-of-bounds Write •