CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42929 – Mozilla: Denial of Service via window.print
https://notcve.org/view.php?id=CVE-2022-42929
If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Si un sitio web se llama 'window.print()' de una manera particular, podría causar una denegación de servicio del navegador, que puede persistir más allá del reinicio del navegador dependiendo de la configuración de restauración de sesión del usuario. Esta vulnerabilidad afecta a Firefox < 106, Firefox ESR < 102.4 y Thunderbird < 102.4. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789439 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42929 https://bugzilla.redhat.com/show_bug.cgi?id=2136158 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42932 – Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4
https://notcve.org/view.php?id=CVE-2022-42932
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Los desarrolladores de Mozilla Ashley Hale y el equipo de Mozilla Fuzzing informaron errores de seguridad de memoria presentes en Firefox 105 y Firefox ESR 102.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789729%2C1791363%2C1792041 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42932 https://bugzilla.redhat.com/show_bug.cgi?id=2136159 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42928 – Mozilla: Memory Corruption in JS Engine
https://notcve.org/view.php?id=CVE-2022-42928
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. A ciertos tipos de asignaciones les faltaban anotaciones que, si el recolector de elementos no utilizados estaba en un estado específico, podrían haber provocado daños en la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 106, Firefox ESR < 102.4 y Thunderbird < 102.4. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791520 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42928 https://bugzilla.redhat.com/show_bug.cgi?id=2136157 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40958 – Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix
https://notcve.org/view.php?id=CVE-2022-40958
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Al inyectar una cookie con ciertos caracteres especiales, un atacante en un subdominio compartido que no es un contexto seguro podría establecer y, por lo tanto, sobrescribir cookies desde un contexto seguro, lo que provocaría la fijación de sesiones y otros ataques. Esta vulnerabilidad afecta a Firefox ESR < 102.3, Thunderbird < 102.3 y Firefox < 105. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1779993 https://www.mozilla.org/security/advisories/mfsa2022-40 https://www.mozilla.org/security/advisories/mfsa2022-41 https://www.mozilla.org/security/advisories/mfsa2022-42 https://access.redhat.com/security/cve/CVE-2022-40958 https://bugzilla.redhat.com/show_bug.cgi?id=2128794 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40959 – Mozilla: Bypassing FeaturePolicy restrictions on transient pages
https://notcve.org/view.php?id=CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Durante la navegación por iframe, ciertas páginas no tenían su FeaturePolicy completamente inicializada, lo que provocó una omisión que filtró permisos del dispositivo a subdocumentos que no eran de confianza. Esta vulnerabilidad afecta a Firefox ESR < 102.3, Thunderbird < 102.3 y Firefox < 105. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1782211 https://www.mozilla.org/security/advisories/mfsa2022-40 https://www.mozilla.org/security/advisories/mfsa2022-41 https://www.mozilla.org/security/advisories/mfsa2022-42 https://access.redhat.com/security/cve/CVE-2022-40959 https://bugzilla.redhat.com/show_bug.cgi?id=2128792 • CWE-922: Insecure Storage of Sensitive Information CWE-1021: Improper Restriction of Rendered UI Layers or Frames •