CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29538
https://notcve.org/view.php?id=CVE-2023-29538
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1685403 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28161
https://notcve.org/view.php?id=CVE-2023-28161
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811181 https://www.mozilla.org/security/advisories/mfsa2023-09 • CWE-281: Improper Preservation of Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25750
https://notcve.org/view.php?id=CVE-2023-25750
Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. • https://bugzilla.mozilla.org/show_bug.cgi?id=1814733 https://www.mozilla.org/security/advisories/mfsa2023-09 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28160
https://notcve.org/view.php?id=CVE-2023-28160
When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. • https://bugzilla.mozilla.org/show_bug.cgi?id=1802385 https://www.mozilla.org/security/advisories/mfsa2023-09 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28177
https://notcve.org/view.php?id=CVE-2023-28177
Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1803109%2C1808832%2C1809542%2C1817336 https://www.mozilla.org/security/advisories/mfsa2023-09 • CWE-787: Out-of-bounds Write •