CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15656 – Mozilla: Type confusion for special arguments in IonMonkey
https://notcve.org/view.php?id=CVE-2020-15656
30 Jul 2020 — JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Las optimizaciones JIT que involucran el objeto de argumentos de Javascript podrían confundir optimizaciones posteriores. Este riesgo ya fue mitigado por varias precauciones en el código, resultando en este er... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15654 – Mozilla: Custom cursor can overlay user interface
https://notcve.org/view.php?id=CVE-2020-15654
30 Jul 2020 — When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Cuando en un bucle infinito, un sitio web que especifica un cursor personalizado usando CSS podría hacer que parezca que el usuario e... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15653 – Mozilla: Bypassing iframe sandbox when allowing popups
https://notcve.org/view.php?id=CVE-2020-15653
30 Jul 2020 — An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Un elemento del sandbox de iframe con el flag allow-popups podría ser omitida cuando se usan enlaces noopener. Esto podría haber conllevado a problemas de seguridad para los sitios web que depe... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15652 – Mozilla: Potential leak of redirect targets when loading scripts in a worker
https://notcve.org/view.php?id=CVE-2020-15652
28 Jul 2020 — By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Al observar el seguimiento de la pila de errores de JavaScript en los trabajadores web, fue posible filtrar el resultado de un redireccionamiento de origen cruzado. Esto se aplica solo al contenid... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •
CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0CVE-2020-15659 – Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
https://notcve.org/view.php?id=CVE-2020-15659
28 Jul 2020 — Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •