CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22764 – Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
https://notcve.org/view.php?id=CVE-2022-22764
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Los desarrolladores de Mozilla, Paul Adenot y Mozilla Fuzzing Team, informaron sobre errores de seguridad de la memoria presentes en Firefox 96 y Firefox ESR 91.5. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22764 https://bugzilla.redhat.com/show_bug.cgi?id=2053243 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2021-4140 – Mozilla: Iframe sandbox bypass with XSLT
https://notcve.org/view.php?id=CVE-2021-4140
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Fue posible construir un marcado XSLT específico que podría omitir un entorno limitado de iframe. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1746720 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2021-4140 https://bugzilla.redhat.com/show_bug.cgi?id=2039568 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22737 – Mozilla: Race condition when playing audio files
https://notcve.org/view.php?id=CVE-2022-22737
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. La construcción de receptores de audio podría haber provocado una condición de ejecución al reproducir archivos de audio y cerrar ventanas. Esto podría haber dado lugar a un use-after-free que provocaría un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1745874 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22737 https://bugzilla.redhat.com/show_bug.cgi?id=2039567 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22738 – Mozilla: Heap-buffer-overflow in blendGaussianBlur
https://notcve.org/view.php?id=CVE-2022-22738
Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. La aplicación de un efecto de filtro CSS podría haber accedido a la memoria fuera de los límites. Esto podría haber provocado un desbordamiento de búfer de almacenamiento dinámico provocando un fallo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1742382 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22738 https://bugzilla.redhat.com/show_bug.cgi?id=2039566 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22739 – Mozilla: Missing throttling on external protocol launch dialog
https://notcve.org/view.php?id=CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los sitios web maliciosos podrían haber engañado a los usuarios para que aceptaran iniciar un programa para manejar un protocolo URL externo. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. • https://bugzilla.mozilla.org/show_bug.cgi?id=1744158 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22739 https://bugzilla.redhat.com/show_bug.cgi?id=2039573 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •