
CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 5

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. A flaw was found in Mozilla.
• https://github.com/bb33bb/CVE-2022-28282-firefox
• https://bugzilla.mozilla.org/show_bug.cgi?id=1751609
• https://www.mozilla.org/security/advisories/mfsa2022-13
• https://www.mozilla.org/security/advisories/mfsa2022-14
• https://www.mozilla.org/security/advisories/mfsa2022-15
• https://access.redhat.com/security/cve/CVE-2022-28282
• https://bugzilla.redhat.com/show_bug.cgi?id=2072562
• CWE-416: Use After Free

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776
• https://www.mozilla.org/security/advisories/mfsa2022-13
• https://www.mozilla.org/security/advisories/mfsa2022-14
• https://www.mozilla.org/security/advisories/mfsa2022-15
• https://access.redhat.com/security/cve/CVE-2022-28289
• https://bugzilla.redhat.com/show_bug.cgi?id=2072566
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. A flaw was found in Mozilla.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1742421
• https://www.mozilla.org/security/advisories/mfsa2022-10
• https://www.mozilla.org/security/advisories/mfsa2022-11
• https://www.mozilla.org/security/advisories/mfsa2022-12
• https://access.redhat.com/security/cve/CVE-2022-26383
• https://bugzilla.redhat.com/show_bug.cgi?id=2062220
• CWE-449: The UI Performs the Wrong Action

CVSS: 9.6 • EPSS: 0% • CPEs: 3 • EXPL: 1

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1744352
• https://www.mozilla.org/security/advisories/mfsa2022-10
• https://www.mozilla.org/security/advisories/mfsa2022-11
• https://www.mozilla.org/security/advisories/mfsa2022-12
• https://access.redhat.com/security/cve/CVE-2022-26384
• https://bugzilla.redhat.com/show_bug.cgi?id=2062221
• CWE-179: Incorrect Behavior Order: Early Validation

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1752396
• https://www.mozilla.org/security/advisories/mfsa2022-11
• https://www.mozilla.org/security/advisories/mfsa2022-12
• https://access.redhat.com/security/cve/CVE-2022-26386
• https://bugzilla.redhat.com/show_bug.cgi?id=2062224
• CWE-281: Improper Preservation of Permissions