CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0616 – Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP
https://notcve.org/view.php?id=CVE-2023-0616
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. • https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 https://www.mozilla.org/security/advisories/mfsa2023-07 https://access.redhat.com/security/cve/CVE-2023-0616 https://bugzilla.redhat.com/show_bug.cgi?id=2171397 • CWE-400: Uncontrolled Resource Consumption CWE-449: The UI Performs the Wrong Action •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25736
https://notcve.org/view.php?id=CVE-2023-25736
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811331 https://www.mozilla.org/security/advisories/mfsa2023-05 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25733
https://notcve.org/view.php?id=CVE-2023-25733
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110. • https://bugzilla.mozilla.org/show_bug.cgi?id=1808632 https://www.mozilla.org/security/advisories/mfsa2023-05 • CWE-252: Unchecked Return Value •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25731
https://notcve.org/view.php?id=CVE-2023-25731
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. • https://bugzilla.mozilla.org/show_bug.cgi?id=1801542 https://www.mozilla.org/security/advisories/mfsa2023-05 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25743 – Mozilla: Fullscreen notification not shown in Firefox Focus
https://notcve.org/view.php?id=CVE-2023-25743
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. • https://bugzilla.mozilla.org/show_bug.cgi?id=1800203 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://access.redhat.com/security/cve/CVE-2023-25743 https://bugzilla.redhat.com/show_bug.cgi?id=2170376 • CWE-290: Authentication Bypass by Spoofing CWE-357: Insufficient UI Warning of Dangerous Operations •