CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-9399 – firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service
https://notcve.org/view.php?id=CVE-2024-9399
01 Oct 2024 — A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process, leading to a denial of service condition. • https://bugzilla.mozilla.org/show_bug.cgi?id=1907726 • CWE-404: Improper Resource Shutdown or Release CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 34EXPL: 0CVE-2024-9392 – firefox: thunderbird: Compromised content process can bypass site isolation
https://notcve.org/view.php?id=CVE-2024-9392
01 Oct 2024 — This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. ... Multiple security issues were discovered in Firefox. ... Masato Kinugawa discovered that Firefox did not properly validate javascript under the "resource://pdf.js" origin. • https://bugzilla.mozilla.org/show_bug.cgi?id=1905843 • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8389 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-8389
03 Sep 2024 — Memory safety bugs present in Firefox 129. ... This vulnerability affects Firefox < 130. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1907230%2C1909367 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8387 – mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
https://notcve.org/view.php?id=CVE-2024-8387
03 Sep 2024 — Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. ... This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. The Mozilla Foundation's ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8385 – mozilla: WASM type confusion involving ArrayTypes
https://notcve.org/view.php?id=CVE-2024-8385
03 Sep 2024 — This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. ... USN-6992-1 fixed vulnerabilities in Firefox. ... Multiple security issues were discovered in Firefox. ... It was discovered that Firefox did not properly manage memory during garbage collection. • https://bugzilla.mozilla.org/show_bug.cgi?id=1911909 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8384 – mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions
https://notcve.org/view.php?id=CVE-2024-8384
03 Sep 2024 — This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. ... USN-6992-1 fixed vulnerabilities in Firefox. ... Multiple security issues were discovered in Firefox. ... It was discovered that Firefox did not properly manage memory during garbage collection. • https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8382 – mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
https://notcve.org/view.php?id=CVE-2024-8382
03 Sep 2024 — This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. • https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 • CWE-273: Improper Check for Dropped Privileges CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 15%CPEs: 36EXPL: 1CVE-2024-8381 – mozilla: Type confusion when looking up a property name in a "with" block
https://notcve.org/view.php?id=CVE-2024-8381
03 Sep 2024 — This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. ... USN-6992-1 fixed vulnerabilities in Firefox. ... Multiple security issues were discovered in Firefox. ... It was discovered that Firefox did not properly manage memory during garbage collection. • https://github.com/bjrjk/CVE-2024-8381 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43111
https://notcve.org/view.php?id=CVE-2024-43111
06 Aug 2024 — Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-7530 – Gentoo Linux Security Advisory 202412-04
https://notcve.org/view.php?id=CVE-2024-7530
06 Aug 2024 — This vulnerability affects Firefox < 129. Multiple security issues were discovered in Firefox. ... It was discovered that Firefox did not properly manage certain memory operations when processing graphics shared memory. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904011 • CWE-416: Use After Free •