CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 4CVE-2022-29916 – Mozilla: Leaking browser history with CSS variables
https://notcve.org/view.php?id=CVE-2022-29916
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Firefox se comportó de manera ligeramente diferente para recursos ya conocidos al cargar recursos CSS que involucraban variables CSS. Esto podría haberse utilizado para sondear el historial del navegador. • https://bugzilla.mozilla.org/show_bug.cgi?id=1760674 https://www.mozilla.org/security/advisories/mfsa2022-16 https://www.mozilla.org/security/advisories/mfsa2022-17 https://www.mozilla.org/security/advisories/mfsa2022-18 https://access.redhat.com/security/cve/CVE-2022-29916 https://bugzilla.redhat.com/show_bug.cgi?id=2081470 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29911 – Mozilla: iframe Sandbox bypass
https://notcve.org/view.php?id=CVE-2022-29911
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Una implementación incorrecta de la nueva palabra clave de iframe sandbox <code>allow-top-navigation-by-user-activation</code> podría provocar la ejecución del script sin que <code>allow-scripts</code> esté presente. Esta vulnerabilidad afecta a Thunderbird < 91.9, Firefox ESR < 91.9 y Firefox < 100. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1761981 https://www.mozilla.org/security/advisories/mfsa2022-16 https://www.mozilla.org/security/advisories/mfsa2022-17 https://www.mozilla.org/security/advisories/mfsa2022-18 https://access.redhat.com/security/cve/CVE-2022-29911 https://bugzilla.redhat.com/show_bug.cgi?id=2081471 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1197 – Mozilla: OpenPGP revocation information was ignored
https://notcve.org/view.php?id=CVE-2022-1197
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8. Al importar una clave revocada que especificaba el compromiso de la clave como motivo de revocación, Thunderbird no actualizaba la copia existente de la clave que aún no había sido revocada y la clave existente se mantenía como no revocada. Las declaraciones de revocación que utilizaban otro motivo de revocación o que no especificaban un motivo de revocación no se vieron afectadas. • https://bugzilla.mozilla.org/show_bug.cgi?id=1754985 https://www.mozilla.org/security/advisories/mfsa2022-15 https://access.redhat.com/security/cve/CVE-2022-1197 https://bugzilla.redhat.com/show_bug.cgi?id=2072963 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 4CVE-2022-28285 – Mozilla: Incorrect AliasSet used in JIT Codegen
https://notcve.org/view.php?id=CVE-2022-28285
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Al generar el código ensamblador para <code>MLoadTypedArrayElementHole</code>, se utilizó un AliasSet incorrecto. Junto con otra vulnerabilidad, esto podría haberse utilizado para una lectura de memoria fuera de los límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1756957 https://www.mozilla.org/security/advisories/mfsa2022-13 https://www.mozilla.org/security/advisories/mfsa2022-14 https://www.mozilla.org/security/advisories/mfsa2022-15 https://access.redhat.com/security/cve/CVE-2022-28285 https://bugzilla.redhat.com/show_bug.cgi?id=2072563 • CWE-125: Out-of-bounds Read •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 4CVE-2022-28286 – Mozilla: iframe contents could be rendered outside the border
https://notcve.org/view.php?id=CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Debido a un cambio de diseño, es posible que el contenido del iframe se haya representado fuera de su borde. Esto podría haber provocado confusión en el usuario o ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735265 https://www.mozilla.org/security/advisories/mfsa2022-13 https://www.mozilla.org/security/advisories/mfsa2022-14 https://www.mozilla.org/security/advisories/mfsa2022-15 https://access.redhat.com/security/cve/CVE-2022-28286 https://bugzilla.redhat.com/show_bug.cgi?id=2072564 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •