CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22761 – Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
https://notcve.org/view.php?id=CVE-2022-22761
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Las páginas de extensión accesibles desde la web (páginas con un esquema moz-extension://) no aplicaban correctamente la directiva frame-ancestors cuando se usaba en la Política de seguridad de contenido de la extensión web. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory describes this flaw as: Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1745566 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22761 https://bugzilla.redhat.com/show_bug.cgi?id=2053239 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22759 – Mozilla: Sandboxed iframes could have executed script if the parent appended elements
https://notcve.org/view.php?id=CVE-2022-22759
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si un documento creó un iframe en la sandboxed sin <code>allow-scripts</code> y posteriormente agregó un elemento al documento del iframe que, por ejemplo, tenía un controlador de eventos JavaScript, el controlador de eventos se habría ejecutado a pesar de la sandbox del iframe. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1739957 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22759 https://bugzilla.redhat.com/show_bug.cgi?id=2053242 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43529 – thunderbird: Memory corruption when processing S/MIME messages
https://notcve.org/view.php?id=CVE-2021-43529
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. • https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-43529 https://access.redhat.com/security/cve/CVE-2021-43529 https://bugzilla.redhat.com/show_bug.cgi?id=2088353 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/vulnerabilities/RHSB-2021-008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4126
https://notcve.org/view.php?id=CVE-2021-4126
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. This vulnerability affects Thunderbird < 91.4.1. Al recibir un mensaje de correo electrónico firmado con OpenPGP/MIME que contiene una capa de mensaje MIME externa adicional, por ejemplo un pie de página de mensaje agregado por una puerta de enlace de lista de correo, Thunderbird solo consideró el mensaje firmado interno para la validez de la firma. • https://bugzilla.mozilla.org/show_bug.cgi?id=1732310 https://www.mozilla.org/security/advisories/mfsa2021-55 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22751 – Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
https://notcve.org/view.php?id=CVE-2022-22751
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los desarrolladores de Mozilla, Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke y Steve Fink informaron sobre errores de seguridad de la memoria presentes en Firefox 95 y Firefox ESR 91.4. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22751 https://bugzilla.redhat.com/show_bug.cgi?id=2039574 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •