CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38493 – Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://notcve.org/view.php?id=CVE-2021-38493
13 Sep 2021 — Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox versión 91 y Firefox ESR versión 78.13. Algunos de estos bugs mostraban evidenci... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38491 – Ubuntu Security Notice USN-5074-1
https://notcve.org/view.php?id=CVE-2021-38491
10 Sep 2021 — Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. Unas comprobaciones de contenido mixto no podían analizar los orígenes opacos, lo que conllevaba a una carga de algunos contenidos mixtos. Esta vulnerabilidad afecta a Firefox versiones anteriores a 92 Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to... • https://bugzilla.mozilla.org/show_bug.cgi?id=1551886 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29981 – Ubuntu Security Notice USN-5248-1
https://notcve.org/view.php?id=CVE-2021-29981
17 Aug 2021 — An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. Un problema presente en la asignación de bajada y registro podría haber conllevado a fallos de confusión de registro oscuros pero deterministas en el código JITted que conllevaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox version... • https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29982 – openSUSE Security Advisory - openSUSE-SU-2021:1367-1
https://notcve.org/view.php?id=CVE-2021-29982
17 Aug 2021 — Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Debido a una optimización JIT incorrecta, interpretamos incorrectamente los datos de un tipo de objeto erróneo, resultando en la posible filtración de un solo bit de memoria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91. An update that... • https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29983 – openSUSE Security Advisory - openSUSE-SU-2021:1367-1
https://notcve.org/view.php?id=CVE-2021-29983
17 Aug 2021 — Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91. Firefox para Android podía quedarse atascado en el modo de pantalla completa y no salir de él incluso después de las interacciones normales que deberían causar su salida. • https://bugzilla.mozilla.org/show_bug.cgi?id=1719088 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29987 – Ubuntu Security Notice USN-5248-1
https://notcve.org/view.php?id=CVE-2021-29987
17 Aug 2021 — After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. Después de solicitar múltiples permisos, y cerrar el primer panel de permisos, los... • https://bugzilla.mozilla.org/show_bug.cgi?id=1716129 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29990 – openSUSE Security Advisory - openSUSE-SU-2021:1367-1
https://notcve.org/view.php?id=CVE-2021-29990
17 Aug 2021 — Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. Los desarrolladores de Mozilla y los miembros de la comunidad informaron de bugs de seguridad de memoria presentes en Firefox versión 90. Algunos de estos bugs mostraron evidencias de corrupción de la memoria y presumimos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29986 – Mozilla: Race condition when resolving DNS names could have led to memory corruption
https://notcve.org/view.php?id=CVE-2021-29986
16 Aug 2021 — A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una supuesta condición de carrera cuando se llama a getaddrinfo que conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: Este problema sólo afectaba a los sist... • https://bugzilla.mozilla.org/show_bug.cgi?id=1696138 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-29988 – Mozilla: Memory corruption as a result of incorrect style treatment
https://notcve.org/view.php?id=CVE-2021-29988
16 Aug 2021 — Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Firefox trataba incorrectamente un elemento de lista en línea como un elemento de bloqueo, resultando en una lectura fuera de límites o una corrupción de la memoria, y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1717922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-29984 – Mozilla: Incorrect instruction reordering during JIT optimization
https://notcve.org/view.php?id=CVE-2021-29984
16 Aug 2021 — Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una reordenación de instrucciones resultaba en una secuencia de instrucciones que causaría que un objeto fuera considerado incorrectamente durante la recogida de basura. Esto conllevaba a una cor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •