CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31740 – Mozilla: Register allocation problem in WASM on arm64
https://notcve.org/view.php?id=CVE-2022-31740
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. En arm64, el código WASM podría haber dado lugar a una generación de ensamblaje incorrecta, lo que provocó un problema de asignación de registros y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10. The Mozilla Foundation Security Advisory describes this flaw as: On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1766806 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31740 https://bugzilla.redhat.com/show_bug.cgi?id=2092023 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31741 – Mozilla: Uninitialized variable leads to invalid memory read
https://notcve.org/view.php?id=CVE-2022-31741
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Un mensaje CMS manipulado podría haberse procesado incorrectamente, lo que habría provocado una lectura de memoria no válida y, potencialmente, una mayor corrupción de la memoria. Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10. The Mozilla Foundation Security Advisory describes this flaw as: A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767590 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31741 https://bugzilla.redhat.com/show_bug.cgi?id=2092024 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31742 – Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
https://notcve.org/view.php?id=CVE-2022-31742
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Un atacante podría haber aprovechado un ataque de sincronización enviando una gran cantidad de entradas allowCredential y detectando la diferencia entre identificadores de claves no válidas y identificadores de claves de origen cruzado. Esto podría haber llevado a la vinculación de cuentas entre orígenes en violación de los objetivos de WebAuthn. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730434 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31742 https://bugzilla.redhat.com/show_bug.cgi?id=2092025 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31747 – Mozilla: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
https://notcve.org/view.php?id=CVE-2022-31747
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Los desarrolladores de Mozilla, Andrew McCreight, Nicolas B. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31747 https://bugzilla.redhat.com/show_bug.cgi?id=2092026 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1802 – Mozilla Firefox Top-Level Await Prototype Pollution Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. Si un atacante pudo corromper los métodos de un objeto Array en JavaScript mediante la contaminación de prototipos, podría haber logrado la ejecución del código JavaScript controlado por el atacante en un contexto privilegiado. Esta vulnerabilidad afecta a Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox para Android < 100.3.0 y Thunderbird < 91.9.1. The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. • https://github.com/mistymntncop/CVE-2022-1802 https://bugzilla.mozilla.org/show_bug.cgi?id=1770137 https://www.mozilla.org/security/advisories/mfsa2022-19 https://access.redhat.com/security/cve/CVE-2022-1802 https://bugzilla.redhat.com/show_bug.cgi?id=2089217 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •