CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31736 – Mozilla: Cross-Origin resource's length leaked
https://notcve.org/view.php?id=CVE-2022-31736
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Un sitio web malicioso podría haber aprendido el tamaño de un recurso de origen cruzado que admitiera solicitudes de rango. Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10. The Mozilla Foundation Security Advisory describes this flaw as: A malicious website that could have learned the size of a cross-origin resource that supported Range requests. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735923 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31736 https://bugzilla.redhat.com/show_bug.cgi?id=2092018 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31742 – Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
https://notcve.org/view.php?id=CVE-2022-31742
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Un atacante podría haber aprovechado un ataque de sincronización enviando una gran cantidad de entradas allowCredential y detectando la diferencia entre identificadores de claves no válidas y identificadores de claves de origen cruzado. Esto podría haber llevado a la vinculación de cuentas entre orígenes en violación de los objetivos de WebAuthn. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730434 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31742 https://bugzilla.redhat.com/show_bug.cgi?id=2092025 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1802 – Mozilla Firefox Top-Level Await Prototype Pollution Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. Si un atacante pudo corromper los métodos de un objeto Array en JavaScript mediante la contaminación de prototipos, podría haber logrado la ejecución del código JavaScript controlado por el atacante en un contexto privilegiado. Esta vulnerabilidad afecta a Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox para Android < 100.3.0 y Thunderbird < 91.9.1. The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. • https://github.com/mistymntncop/CVE-2022-1802 https://bugzilla.mozilla.org/show_bug.cgi?id=1770137 https://www.mozilla.org/security/advisories/mfsa2022-19 https://access.redhat.com/security/cve/CVE-2022-1802 https://bugzilla.redhat.com/show_bug.cgi?id=2089217 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1529 – Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. Un atacante podría haber enviado un mensaje al proceso principal donde el contenido se usó para realizar un doble índice en un objeto JavaScript, lo que provocó la contaminación del prototipo y, en última instancia, la ejecución de JavaScript controlada por el atacante en el proceso principal privilegiado. Esta vulnerabilidad afecta a Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox para Android < 100.3.0 y Thunderbird < 91.9.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 https://www.mozilla.org/security/advisories/mfsa2022-19 https://access.redhat.com/security/cve/CVE-2022-1529 https://bugzilla.redhat.com/show_bug.cgi?id=2089218 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 4CVE-2022-29916 – Mozilla: Leaking browser history with CSS variables
https://notcve.org/view.php?id=CVE-2022-29916
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Firefox se comportó de manera ligeramente diferente para recursos ya conocidos al cargar recursos CSS que involucraban variables CSS. Esto podría haberse utilizado para sondear el historial del navegador. • https://bugzilla.mozilla.org/show_bug.cgi?id=1760674 https://www.mozilla.org/security/advisories/mfsa2022-16 https://www.mozilla.org/security/advisories/mfsa2022-17 https://www.mozilla.org/security/advisories/mfsa2022-18 https://access.redhat.com/security/cve/CVE-2022-29916 https://bugzilla.redhat.com/show_bug.cgi?id=2081470 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •