CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6208 – Mozilla: Using Selection API would copy contents into X11 primary selection.
https://notcve.org/view.php?id=CVE-2023-6208
21 Nov 2023 — When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Al usar X11, el texto seleccionado por la página usando la API de selección se copiaba erróneamente en la selección principal, un almacenamiento temporal similar al portapapeles. *Este erro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1855345 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6207 – Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
https://notcve.org/view.php?id=CVE-2023-6207
21 Nov 2023 — Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La mala gestión de la propiedad provocó un uso después de la liberación en ReadableByteStreams. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams USN-6509-1 fixed vulnerab... • https://bugzilla.mozilla.org/show_bug.cgi?id=1861344 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6206 – Mozilla: Clickjacking permission prompts using the fullscreen transition
https://notcve.org/view.php?id=CVE-2023-6206
21 Nov 2023 — The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La animación de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duración del retraso anti-clickjacking en las solicitudes de permiso.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1857430 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6205 – Mozilla: Use-after-free in MessagePort::Entangled
https://notcve.org/view.php?id=CVE-2023-6205
21 Nov 2023 — It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Era posible provocar el uso de un MessagePort después de que ya se había liberado, lo que podría haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1854076 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6204 – Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
https://notcve.org/view.php?id=CVE-2023-6204
21 Nov 2023 — On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. En algunos sistemas, dependiendo de la configuración de gráficos y los controladores, era posible forzar una lectura fuera de los límites y filtrar datos de memoria en las imágenes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1841050 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2023-5732 – Mozilla: Address bar spoofing via bidirectional characters
https://notcve.org/view.php?id=CVE-2023-5732
24 Oct 2023 — An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un atacante podría haber creado un enlace malicioso utilizando caracteres bidireccionales para falsificar la ubicación en la barra de direcciones cuando se visita. Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Sec... • https://bugzilla.mozilla.org/show_bug.cgi?id=1690979 • CWE-450: Multiple Interpretations of UI Input •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2023-5730 – Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
https://notcve.org/view.php?id=CVE-2023-5730
24 Oct 2023 — Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Errores de seguridad de la memoria presentes en Firefox 118, Firefox ESR 115.3 y Thunderbird 115.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponem... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2023-5728 – Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.
https://notcve.org/view.php?id=CVE-2023-5728
24 Oct 2023 — During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Durante la recolección de la "basura" se realizaron operaciones adicionales en un objeto que no debería realizarse. Esto podría haber provocado un fallo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1852729 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5725 – Mozilla: WebExtensions could open arbitrary URLs
https://notcve.org/view.php?id=CVE-2023-5725
24 Oct 2023 — A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Una WebExtension maliciosa instalada podría abrir URL arbitrarias, que en las circunstancias adecuadas podrían aprovecharse para recopilar datos confidenciales del usuario. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The... • https://bugzilla.mozilla.org/show_bug.cgi?id=1845739 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2023-5724 – Mozilla: Large WebGL draw could have led to a crash
https://notcve.org/view.php?id=CVE-2023-5724
24 Oct 2023 — Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Los controladores no siempre son resistentes a las llamadas de "dibujo" extremadamente grandes y, en algunos casos, este escenario podría haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Security Advisor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 • CWE-400: Uncontrolled Resource Consumption CWE-1021: Improper Restriction of Rendered UI Layers or Frames •