Page 31 of 2526 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 https://bugzilla.mozilla.org/show_bug.cgi?id=1753341 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32205 https://bugzilla.redhat.com/show_bug.cgi?id=2196736 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29550 https://bugzilla.redhat.com/show_bug.cgi?id=2186111 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1820543 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29535 https://bugzilla.redhat.com/show_bug.cgi?id=2186103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1821959 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29536 https://bugzilla.redhat.com/show_bug.cgi?id=2186104 • CWE-416: Use After Free CWE-617: Reachable Assertion •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1685403 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-668: Exposure of Resource to Wrong Sphere •