Page 31 of 1914 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826116 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32207 https://bugzilla.redhat.com/show_bug.cgi?id=2196738 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-290: Authentication Bypass by Spoofing •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29550 https://bugzilla.redhat.com/show_bug.cgi?id=2186111 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1820543 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29535 https://bugzilla.redhat.com/show_bug.cgi?id=2186103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1790542 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1798219 https://bugzilla.mozilla.org/show_bug.cgi?id=1814597 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29533 https://bugzilla.redhat.com/show_bug.cgi?id=2186101 • CWE-425: Direct Request ('Forced Browsing') •