CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5727 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5727
24 Oct 2023 — The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. La advertencia de archivo ejecutable no se presentó al descargar archivos .msix, .msixbundle, .appx, y .appxbundle, que pueden ejecutar comandos en el ordenador de ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1847180 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5726 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5726
24 Oct 2023 — A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un sitio web podría haber oscurecido la notificación de pantalla completa utilizando el cuadro de diálogo de apertura de archivo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5725 – Mozilla: WebExtensions could open arbitrary URLs
https://notcve.org/view.php?id=CVE-2023-5725
24 Oct 2023 — A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Una WebExtension maliciosa instalada podría abrir URL arbitrarias, que en las circunstancias adecuadas podrían aprovecharse para recopilar datos confidenciales del usuario. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The... • https://bugzilla.mozilla.org/show_bug.cgi?id=1845739 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5724 – Mozilla: Large WebGL draw could have led to a crash
https://notcve.org/view.php?id=CVE-2023-5724
24 Oct 2023 — Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Los controladores no siempre son resistentes a las llamadas de "dibujo" extremadamente grandes y, en algunos casos, este escenario podría haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Security Advisor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 • CWE-400: Uncontrolled Resource Consumption CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack
https://notcve.org/view.php?id=CVE-2023-5721
24 Oct 2023 — It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador debido a una insuficiente activación del delay. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. A flaw was found ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 • CWE-356: Product UI does not Warn User of Unsafe Actions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 75%CPEs: 25EXPL: 2CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5176 – Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
https://notcve.org/view.php?id=CVE-2023-5176
27 Sep 2023 — Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Errores de seguridad de la memoria presentes en Firefox 117, Firefox ESR 115.2 y Thunderbird 115.2. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836353%2C1842674%2C1843824%2C1843962%2C1848890%2C1850180%2C1850983%2C1851195 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5174 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5174
27 Sep 2023 — If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Si Windows no pudo duplicar un identificador durante la creación del proceso, es ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1848454 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2023-5171 – Mozilla: Use-after-free in Ion Compiler
https://notcve.org/view.php?id=CVE-2023-5171
27 Sep 2023 — During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Durante la compilación de Ion, una Recolección de Basura podría haber resultado en una condición de use-after-free, lo que permitiría a un atacante escribir dos bytes NUL y provocar un bloqueo potencialmente explotable. Esta vulnerabilidad ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1851599 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5169 – Mozilla: Out-of-bounds write in PathOps
https://notcve.org/view.php?id=CVE-2023-5169
27 Sep 2023 — A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Un proceso de contenido comprometido podría haber proporcionado datos maliciosos en un `PathRecording`, lo que habría resultado en una escritura fuera de los límites, lo que habría provocado una falla potencialmente explotable en un ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1846685 • CWE-787: Out-of-bounds Write •