CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29912 – Mozilla: Reader mode bypassed SameSite cookies
https://notcve.org/view.php?id=CVE-2022-29912
04 May 2022 — Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Las solicitudes iniciadas a través del modo lector no omitieron correctamente las cookies con un atributo SameSite. Esta vulnerabilidad afecta a Thunderbird < 91.9, Firefox ESR < 91.9 y Firefox < 100. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1692655 • CWE-565: Reliance on Cookies without Validation and Integrity Checking CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 4CVE-2022-28285 – Mozilla: Incorrect AliasSet used in JIT Codegen
https://notcve.org/view.php?id=CVE-2022-28285
08 Apr 2022 — When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Al generar el código ensamblador para MLoadTypedArrayElementHole, se utilizó un AliasSet incorrecto. Junto con otra vulnerabilidad, esto podría haberse utilizado para una lectura de memoria fuera de lo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1756957 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1097 – Mozilla: Use-after-free in NSSToken objects
https://notcve.org/view.php?id=CVE-2022-1097
08 Apr 2022 — NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Se hacía referencia a los objetos NSSToken a través de puntos directos y se podría haber accedido a ellos de forma insegura en diferentes subprocesos, lo que provocó un use after free y un bloqueo potencialmente explot... • https://bugzilla.mozilla.org/show_bug.cgi?id=1745667 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28289 – Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
https://notcve.org/view.php?id=CVE-2022-28289
08 Apr 2022 — Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Los desarrolladores de Mozilla y miembros de la comunidad Nika Layzell, Andrew McCreight, Gab... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28284 – Ubuntu Security Notice USN-5370-1
https://notcve.org/view.php?id=CVE-2022-28284
08 Apr 2022 — SVG's <use> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99. El elemento de SVG podría haberse utilizado para cargar contenido inesperado que podría haber ejecutado un script en determinadas ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1754522 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28283 – Ubuntu Security Notice USN-5370-1
https://notcve.org/view.php?id=CVE-2022-28283
08 Apr 2022 — The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99. La función sourceMapURL en devtools le faltaban controles de seguridad que habrían permitido que una página web intentara incluir archivos locales u otros archivos que deberían haber sido inaccesibles. Esta vulnerabilidad afecta a Firefox < 99. Multiple security issues were discovere... • https://bugzilla.mozilla.org/show_bug.cgi?id=1754066 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 5CVE-2022-28282 – Mozilla: Use-after-free in DocumentL10n::TranslateDocument
https://notcve.org/view.php?id=CVE-2022-28282
08 Apr 2022 — By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Al utilizar un enlace con rel="localization", se podría haber activado un use-after-free al destruir un objeto durante la ejecución de JavaScript y luego hacer referen... • https://github.com/bb33bb/CVE-2022-28282-firefox • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28288 – Ubuntu Security Notice USN-5370-1
https://notcve.org/view.php?id=CVE-2022-28288
08 Apr 2022 — Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 99. Los desarrolladores de Mozilla y miembros de la comunidad Randell Jesup, Sebastian Hengst y el equipo Mozilla Fuzzing informaron errores de seguridad de memori... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746415%2C1746495%2C1746500%2C1747282%2C1748759%2C1749056%2C1749786%2C1751679%2C1752120%2C1756010%2C1756017%2C1757213%2C1757258%2C1757427 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 4CVE-2022-28286 – Mozilla: iframe contents could be rendered outside the border
https://notcve.org/view.php?id=CVE-2022-28286
08 Apr 2022 — Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Debido a un cambio de diseño, es posible que el contenido del iframe se haya representado fuera de su borde. Esto podría haber provocado confusión en el usuario o ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735265 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28287 – Ubuntu Security Notice USN-5370-1
https://notcve.org/view.php?id=CVE-2022-28287
08 Apr 2022 — In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. En circunstancias inusuales, la selección de texto podría provocar que el almacenamiento en caché de selección de texto se comportara incorrectamente, lo que provocaría un bloqueo. Esta vulnerabilidad afecta a Firefox < 99. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1741515 •