CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28283 – Ubuntu Security Notice USN-5370-1
https://notcve.org/view.php?id=CVE-2022-28283
08 Apr 2022 — The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99. La función sourceMapURL en devtools le faltaban controles de seguridad que habrían permitido que una página web intentara incluir archivos locales u otros archivos que deberían haber sido inaccesibles. Esta vulnerabilidad afecta a Firefox < 99. Multiple security issues were discovere... • https://bugzilla.mozilla.org/show_bug.cgi?id=1754066 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0843 – Ubuntu Security Notice USN-5321-2
https://notcve.org/view.php?id=CVE-2022-0843
11 Mar 2022 — Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98. Los desarrolladores de Mozilla, Kershaw Chang, Ryan VanderMeulen y Randell Jesup, informaron sobre errores de seguridad de la memoria presentes en Firefox 97. Algunos de estos errores mostrar... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746523%2C1749062%2C1749164%2C1749214%2C1749610%2C1750032%2C1752100%2C1752405%2C1753612%2C1754508 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-26384 – Mozilla: iframe allow-scripts sandbox bypass
https://notcve.org/view.php?id=CVE-2022-26384
11 Mar 2022 — If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Si un atacante pudiera controlar el contenido de un iframe en un espacio aislado con allow-popups pero no con allow-scripts, podría crear un enlace que, a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1744352 • CWE-179: Incorrect Behavior Order: Early Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26383 – Mozilla: Browser window spoof using fullscreen mode
https://notcve.org/view.php?id=CVE-2022-26383
11 Mar 2022 — When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Al cambiar el tamaño de una ventana emergente después de solicitar acceso a pantalla completa, la ventana emergente no mostraba la notificación en pantalla completa. Esta vulnerabilidad afecta a Firefox < 98, Firefox ESR < 91,7 y Thunderbird < 91.7. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1742421 • CWE-449: The UI Performs the Wrong Action •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 1CVE-2022-26387 – Mozilla: Time-of-check time-of-use bug when verifying add-on signatures
https://notcve.org/view.php?id=CVE-2022-26387
11 Mar 2022 — When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Al instalar un complemento, Firefox verificaba la firma antes de avisar al usuario; pero mientras el usuario confirmaba el mensaje, el archivo complementario subyacente podría haberse modificado y Firefox no ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1752979 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 1CVE-2022-26381 – Mozilla Firefox textPath Element Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26381
09 Mar 2022 — An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Un atacante podría haber provocado un use-after-free al forzar un reflujo de texto en un objeto SVG, lo que provocó un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 98, Firefox ESR < 91,7 y Thunderbird < 91.7. The Mozilla Foundation Security Advisory descri... • https://bugzilla.mozilla.org/show_bug.cgi?id=1736243 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 2CVE-2022-26486 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-26486
07 Mar 2022 — An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. Un mensaje inesperado en el framework IPC de WebGPU podría provocar un escape de la sandbox explotable y de use-after-free. Hemos recibido informes de ataques en la naturaleza que abusan de esta fal... • https://bugzilla.mozilla.org/show_bug.cgi?id=1758070 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 2CVE-2022-26485 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-26485
07 Mar 2022 — Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. La eliminación de un parámetro XSLT durante el procesamiento podría haber dado lugar a un use-after-free explotable. Hemos recibido informes de ataques en la naturaleza que abusan de esta falla. • https://github.com/mistymntncop/CVE-2022-26485 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22756 – Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable
https://notcve.org/view.php?id=CVE-2022-22756
14 Feb 2022 — If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si se convenciera a un usuario de arrastrar y soltar una imagen en su escritorio u otra carpeta, el objeto resultante podría haberse convertido en un script ejecutable que habría ejecutado código arbitrario... • https://bugzilla.mozilla.org/show_bug.cgi?id=1317873 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0511 – Ubuntu Security Notice USN-5284-1
https://notcve.org/view.php?id=CVE-2022-0511
14 Feb 2022 — Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97. Los desarrolladores de Mozilla y miembros de la comunidad Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1713579%2C1735448%2C1743821%2C1746313%2C1746314%2C1746316%2C1746321%2C1746322%2C1746323%2C1746412%2C1746430%2C1746451%2C1746488%2C1746875%2C1746898%2C1746905%2C1746907%2C1746917%2C1747128%2C1747137%2C1747331%2C1747346%2C1747439%2C1747457%2C1747870%2C1749051%2C1749274%2C1749831 • CWE-787: Out-of-bounds Write •