CVSS: 9.4EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7525 – mozilla: Missing permission check when creating a StreamFilter
https://notcve.org/view.php?id=CVE-2024-7525
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1909298 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7524 – mozilla: CSP strict-dynamic bypass using web-compatibility shims
https://notcve.org/view.php?id=CVE-2024-7524
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1909241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7522 – mozilla: Out of bounds read in editor component
https://notcve.org/view.php?id=CVE-2024-7522
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1906727 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7521 – mozilla: Incomplete WebAssembly exception handing
https://notcve.org/view.php?id=CVE-2024-7521
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904644 • CWE-416: Use After Free CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7520 – mozilla: Type confusion in WebAssembly
https://notcve.org/view.php?id=CVE-2024-7520
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903041 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7519 – mozilla: Out of bounds memory access in graphics shared memory handling
https://notcve.org/view.php?id=CVE-2024-7519
06 Aug 2024 — This could be leveraged by an attacker to perform a sandbox escape. ... This could be leveraged by an attacker to perform a sandbox escape. ... This could be leveraged by an attacker to perform a sandbox escape. ... An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902307 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7518 – mozilla: Fullscreen notification dialog can be obscured by document content
https://notcve.org/view.php?id=CVE-2024-7518
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29069 – snapd will follow archived symlinks when unpacking a filesystem
https://notcve.org/view.php?id=CVE-2024-29069
25 Jul 2024 — An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. • https://github.com/snapcore/snapd/pull/13682 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29068 – snapd non-regular file indefinite blocking read
https://notcve.org/view.php?id=CVE-2024-29068
25 Jul 2024 — An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. • https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1724 – snapd allows $HOME/bin symlink
https://notcve.org/view.php?id=CVE-2024-1724
25 Jul 2024 — In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. ... An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by th... • https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6 • CWE-732: Incorrect Permission Assignment for Critical Resource •