CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29962
https://notcve.org/view.php?id=CVE-2021-29962
24 Jun 2021 — Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Firefox para Android se volvía inestable y difícil de recuperar cuando un sitio web abría demasiadas ventanas emergentes. • https://bugzilla.mozilla.org/show_bug.cgi?id=1701673 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29963
https://notcve.org/view.php?id=CVE-2021-29963
24 Jun 2021 — Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Las sugerencias de búsqueda de la barra de direcciones en el modo de navegación privada reusaban los datos de la sesión del modo normal. • https://bugzilla.mozilla.org/show_bug.cgi?id=1705068 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29964
https://notcve.org/view.php?id=CVE-2021-29964
24 Jun 2021 — A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Un programa hostil instalado localmente podría enviar mensajes "WM_COPYDATA" que Firefox procesaría incorrectamente, conllevando una lectura fuera de límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1706501 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29965
https://notcve.org/view.php?id=CVE-2021-29965
24 Jun 2021 — A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Un sitio web malicioso que causa que se genere un diálogo de autenticación HTTP podría engañar al gestor de contraseñas integrado para sugerir contraseñas para el ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1709257 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29968
https://notcve.org/view.php?id=CVE-2021-29968
24 Jun 2021 — When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1. Al dibujar texto en un lienzo con WebRender desactivado, podía producirse una lectura fuera de los límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1712047 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30547 – chromium-browser: Out of bounds write in ANGLE
https://notcve.org/view.php?id=CVE-2021-30547
15 Jun 2021 — Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una escritura fuera de límites en ANGLE en Google Chrome versiones anteriores a 91.0.4472.101 permitía a un atacante remoto potencialmente llevar a cabo un acceso a la memoria fuera de límites por medio de una página HTML diseñada It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS han... • https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29967 – Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
https://notcve.org/view.php?id=CVE-2021-29967
03 Jun 2021 — Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Los desarrolladores de Mozilla han reportado bugs de seguridad de memoria presentes en Firefox versión 88 y Firefox ESR versión 78.11. Algunos de estos bugs mostraban evidenci... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3656
https://notcve.org/view.php?id=CVE-2011-3656
02 Jun 2021 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. Una vulnerabilidad de tipo Cross-site scripting (XSS) en Mozilla Firefox versiones anteriores a 3.6.24 y versión 4.x hasta 7, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores que implican errores HTTP 0.9, puertos no predeterminados y la ... • https://bugzilla.mozilla.org/show_bug.cgi?id=667907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29951 – Mozilla Windows Maintenance Service Weak DACL
https://notcve.org/view.php?id=CVE-2021-29951
11 May 2021 — The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderb... • https://packetstorm.news/files/id/162522 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29952 – Ubuntu Security Notice USN-4942-1
https://notcve.org/view.php?id=CVE-2021-29952
11 May 2021 — When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. Cuando se destruían los componentes de Web Render, una condición de carrera podría haber causado un comportamiento indefinido, y presumimos que con suficiente esfuerzo podría haber sido explotable para ejecutar código arbitrario. Esta vulnerabilid... • https://bugzilla.mozilla.org/show_bug.cgi?id=1704227 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •