CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6212 – Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
https://notcve.org/view.php?id=CVE-2023-6212
21 Nov 2023 — Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Errores de seguridad de la memoria presentes en Firefox 119, Firefox 115.4 y Thunderbird 115.4. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos q... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6209 – Mozilla: Incorrect parsing of relative URLs starting with "///"
https://notcve.org/view.php?id=CVE-2023-6209
21 Nov 2023 — Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Las URL relativas que comenzaban con tres barras se analizaban incorrectamente y se podía utilizar una parte de path-traversal "/../" en la ruta para anular el host especificado. Esto podría contribuir a pro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1858570 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6208 – Mozilla: Using Selection API would copy contents into X11 primary selection.
https://notcve.org/view.php?id=CVE-2023-6208
21 Nov 2023 — When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Al usar X11, el texto seleccionado por la página usando la API de selección se copiaba erróneamente en la selección principal, un almacenamiento temporal similar al portapapeles. *Este erro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1855345 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6207 – Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
https://notcve.org/view.php?id=CVE-2023-6207
21 Nov 2023 — Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La mala gestión de la propiedad provocó un uso después de la liberación en ReadableByteStreams. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams USN-6509-1 fixed vulnerab... • https://bugzilla.mozilla.org/show_bug.cgi?id=1861344 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6206 – Mozilla: Clickjacking permission prompts using the fullscreen transition
https://notcve.org/view.php?id=CVE-2023-6206
21 Nov 2023 — The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La animación de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duración del retraso anti-clickjacking en las solicitudes de permiso.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1857430 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6205 – Mozilla: Use-after-free in MessagePort::Entangled
https://notcve.org/view.php?id=CVE-2023-6205
21 Nov 2023 — It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Era posible provocar el uso de un MessagePort después de que ya se había liberado, lo que podría haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1854076 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6204 – Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
https://notcve.org/view.php?id=CVE-2023-6204
21 Nov 2023 — On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. En algunos sistemas, dependiendo de la configuración de gráficos y los controladores, era posible forzar una lectura fuera de los límites y filtrar datos de memoria en las imágenes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1841050 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5732 – Mozilla: Address bar spoofing via bidirectional characters
https://notcve.org/view.php?id=CVE-2023-5732
24 Oct 2023 — An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un atacante podría haber creado un enlace malicioso utilizando caracteres bidireccionales para falsificar la ubicación en la barra de direcciones cuando se visita. Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Sec... • https://bugzilla.mozilla.org/show_bug.cgi?id=1690979 • CWE-450: Multiple Interpretations of UI Input •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5730 – Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
https://notcve.org/view.php?id=CVE-2023-5730
24 Oct 2023 — Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Errores de seguridad de la memoria presentes en Firefox 118, Firefox ESR 115.3 y Thunderbird 115.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponem... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5728 – Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.
https://notcve.org/view.php?id=CVE-2023-5728
24 Oct 2023 — During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Durante la recolección de la "basura" se realizaron operaciones adicionales en un objeto que no debería realizarse. Esto podría haber provocado un fallo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1852729 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-416: Use After Free •