CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29547 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29547
30 May 2023 — When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1783536 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32208 – Ubuntu Security Notice USN-6074-3
https://notcve.org/view.php?id=CVE-2023-32208
15 May 2023 — Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. • https://bugzilla.mozilla.org/show_bug.cgi?id=1646034 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32210 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-32210
15 May 2023 — Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obta... • https://bugzilla.mozilla.org/show_bug.cgi?id=1776755 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32209 – Ubuntu Security Notice USN-6074-3
https://notcve.org/view.php?id=CVE-2023-32209
15 May 2023 — A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767194 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32205 – Mozilla: Browser prompts could have been obscured by popups
https://notcve.org/view.php?id=CVE-2023-32205
11 May 2023 — In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32206 – Mozilla: Crash in RLBox Expat driver
https://notcve.org/view.php?id=CVE-2023-32206
11 May 2023 — An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1824892 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32207 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2023-32207
11 May 2023 — A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced... • https://bugzilla.mozilla.org/show_bug.cgi?id=1826116 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32211 – Mozilla: Content process crash due to invalid wasm code
https://notcve.org/view.php?id=CVE-2023-32211
11 May 2023 — A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtai... • https://bugzilla.mozilla.org/show_bug.cgi?id=1823379 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32212 – Mozilla: Potential spoof due to obscured address bar
https://notcve.org/view.php?id=CVE-2023-32212
11 May 2023 — An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have positioned a `datalist` element to obscure the address bar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826622 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32213 – Mozilla: Potential memory corruption in FileReader::DoReadData()
https://notcve.org/view.php?id=CVE-2023-32213
11 May 2023 — When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826666 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •