CVE-2022-22759 – Mozilla: Sandboxed iframes could have executed script if the parent appended elements
https://notcve.org/view.php?id=CVE-2022-22759
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si un documento creó un iframe en la sandboxed sin <code>allow-scripts</code> y posteriormente agregó un elemento al documento del iframe que, por ejemplo, tenía un controlador de eventos JavaScript, el controlador de eventos se habría ejecutado a pesar de la sandbox del iframe. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1739957 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22759 https://bugzilla.redhat.com/show_bug.cgi?id=2053242 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2022-22754 – Mozilla: Extensions could have bypassed permission confirmation during update
https://notcve.org/view.php?id=CVE-2022-22754
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si un usuario instaló una extensión de un tipo particular, la extensión podría haberse actualizado automáticamente y, al hacerlo, omitir el mensaje que otorga a la nueva versión los nuevos permisos solicitados. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1750565 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22754 https://bugzilla.redhat.com/show_bug.cgi?id=2053236 • CWE-863: Incorrect Authorization CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2022-22763 – Mozilla: Script Execution during invalid object state
https://notcve.org/view.php?id=CVE-2022-22763
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. Cuando se apaga un trabajador, era posible hacer que el script se ejecutara tarde en el ciclo de vida, en un punto posterior al que no debería ser posible. Esta vulnerabilidad afecta a Firefox < 96, Thunderbird< 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible. • https://bugzilla.mozilla.org/show_bug.cgi?id=1740534 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22763 https://bugzilla.redhat.com/show_bug.cgi?id=2053240 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-22760 – Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types
https://notcve.org/view.php?id=CVE-2022-22760
When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Al importar recursos utilizando Web Workers, los mensajes de error distinguirían la diferencia entre respuestas <code>application/javascript</code> y respuestas sin script. Se podría haber abusado de esto para aprender información de origen cruzado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1740985 https://bugzilla.mozilla.org/show_bug.cgi?id=1748503 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22760 https://bugzilla.redhat.com/show_bug.cgi?id=2053238 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2022-22764 – Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
https://notcve.org/view.php?id=CVE-2022-22764
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Los desarrolladores de Mozilla, Paul Adenot y Mozilla Fuzzing Team, informaron sobre errores de seguridad de la memoria presentes en Firefox 96 y Firefox ESR 91.5. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22764 https://bugzilla.redhat.com/show_bug.cgi?id=2053243 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •