CVE-2023-29536 – Mozilla: Invalid free from JavaScript code
https://notcve.org/view.php?id=CVE-2023-29536
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1821959 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29536 https://bugzilla.redhat.com/show_bug.cgi?id=2186104 • CWE-416: Use After Free CWE-617: Reachable Assertion •
CVE-2023-29538
https://notcve.org/view.php?id=CVE-2023-29538
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1685403 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-29539 – Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784348 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29539 https://bugzilla.redhat.com/show_bug.cgi?id=2186105 • CWE-159: Improper Handling of Invalid Use of Special Elements CWE-476: NULL Pointer Dereference •
CVE-2023-29540
https://notcve.org/view.php?id=CVE-2023-29540
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1790542 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-29541 – Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
https://notcve.org/view.php?id=CVE-2023-29541
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in `.desktop`, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1810191 https://www.mozilla.org/security/advisories/mfsa2023-13 https://www.mozilla.org/security/advisories/mfsa2023-14 https://www.mozilla.org/security/advisories/mfsa2023-15 https://access.redhat.com/security/cve/CVE-2023-29541 https://bugzilla.redhat.com/show_bug.cgi?id=2186106 • CWE-116: Improper Encoding or Escaping of Output CWE-434: Unrestricted Upload of File with Dangerous Type •